Search CVE reports


Toggle filters

31 – 40 of 396 results


CVE-2020-29129

Low priority
Fixed

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

3 affected packages

libslirp, qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Not affected Not affected Fixed Not in release Not in release
qemu Not affected Not affected Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-25723

Medium priority

Some fixes available 12 of 13

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-27617

Low priority

Some fixes available 12 of 13

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-27616

Low priority
Fixed

ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-24352

Low priority
Vulnerable

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Vulnerable Vulnerable Vulnerable Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-25743

Low priority
Vulnerable

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-25742

Low priority
Vulnerable

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-25741

Low priority
Vulnerable

fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-25625

Low priority

Some fixes available 12 of 13

hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-25085

Medium priority

Some fixes available 12 of 13

QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages