Search CVE reports


Toggle filters

61 – 70 of 396 results


CVE-2020-10717

Medium priority
Not affected

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-11869

Medium priority
Fixed

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-1983

Medium priority

Some fixes available 14 of 16

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

4 affected packages

libslirp, qemu, qemu-kvm, slirp4netns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Fixed Fixed Fixed Not in release Not in release
qemu Not affected Not affected Not affected Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
slirp4netns Not affected Not affected Needs evaluation Not in release Not in release
Show less packages

CVE-2020-10702

Low priority
Fixed

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-11102

Medium priority
Not affected

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected
qemu-kvm Not in release Not in release
Show less packages

CVE-2019-15034

Low priority
Fixed

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2019-20382

Low priority
Fixed

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Not affected Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-1711

Medium priority

Some fixes available 13 of 14

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-8608

Medium priority

Some fixes available 17 of 30

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

5 affected packages

libslirp, qemu, qemu-kvm, slirp, slirp4netns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Fixed Fixed Fixed Not in release Not in release
qemu Not affected Not affected Not affected Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
slirp Vulnerable Vulnerable Vulnerable Fixed Fixed
slirp4netns Not affected Not affected Needs evaluation Not in release Not in release
Show less packages

CVE-2020-7211

Medium priority
Ignored

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

3 affected packages

libslirp, qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Not in release Not in release
qemu Not affected Not affected
qemu-kvm Not in release Not in release
Show less packages