Search CVE reports


Toggle filters

41 – 50 of 396 results


CVE-2020-25084

Low priority

Some fixes available 12 of 13

QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-25624

Low priority

Some fixes available 12 of 13

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-14364

Medium priority
Fixed

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-17380

Medium priority

Some fixes available 12 of 13

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-16092

Low priority
Fixed

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-15863

Low priority

Some fixes available 3 of 4

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-15859

Medium priority

Some fixes available 4 of 5

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-10756

Medium priority

Some fixes available 2 of 5

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This...

4 affected packages

libslirp, qemu, qemu-kvm, slirp4netns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Not affected Not affected Fixed Not in release Not in release
qemu Not affected Not affected Not affected Fixed Not affected
qemu-kvm Not in release Not in release Not in release Not in release Not in release
slirp4netns Not affected Not affected Vulnerable Not in release Not in release
Show less packages

CVE-2020-15469

Low priority

Some fixes available 11 of 14

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-14415

Low priority

Some fixes available 1 of 2

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages