Search CVE reports
101 – 110 of 464 results
CVE-2020-25743
Low priorityhw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-25742
Low prioritypci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-25741
Low priorityfdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-25625
Low prioritySome fixes available 11 of 12
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-25085
Medium prioritySome fixes available 11 of 12
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-25084
Low prioritySome fixes available 11 of 12
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-25624
Low prioritySome fixes available 11 of 12
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-14364
Medium priorityAn out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | Fixed | Fixed | Fixed |
qemu-kvm | — | — | Not in release | Not in release | Not in release |
CVE-2020-17380
Medium prioritySome fixes available 11 of 12
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-16092
Low priorityIn QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | Fixed | Fixed | Not affected |
qemu-kvm | — | — | Not in release | Not in release | Not in release |