This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Qemu First view 2008-12-24
Product Qemu Last view 2020-08-31
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:qemu:qemu

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5 2020-08-31 CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

5.5 2020-08-31 CVE-2020-12829

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.

3.3 2020-08-27 CVE-2020-14415

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

3.8 2020-08-11 CVE-2020-16092

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.

7.9 2020-07-28 CVE-2020-15863

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.

5 2020-06-09 CVE-2020-10761

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.

5.5 2020-06-04 CVE-2020-10702

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.

6.5 2020-05-04 CVE-2020-10717

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.

3.3 2020-04-27 CVE-2020-11869

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.

6 2020-02-11 CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

8.8 2020-02-11 CVE-2013-4535

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

3.5 2020-01-31 CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

6.5 2020-01-23 CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

6.5 2020-01-23 CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

7.8 2020-01-02 CVE-2013-4532

Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

7.5 2019-12-31 CVE-2019-20175

** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert."

7.8 2019-12-30 CVE-2013-2016

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.

9.8 2019-06-24 CVE-2019-12929

** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.

9.8 2019-06-24 CVE-2019-12928

** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.

3.3 2019-03-21 CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

5.5 2019-02-19 CVE-2019-3812

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

7.5 2018-12-20 CVE-2018-20216

QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).

7.5 2018-12-20 CVE-2018-20191

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

5.5 2018-12-20 CVE-2018-20126

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
21% (43) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (19) CWE-399 Resource Management Errors
8% (18) CWE-787 Out-of-bounds Write
7% (16) CWE-125 Out-of-bounds Read
6% (14) CWE-20 Improper Input Validation
6% (13) CWE-190 Integer Overflow or Wraparound
3% (8) CWE-772 Missing Release of Resource after Effective Lifetime
3% (8) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (7) CWE-476 NULL Pointer Dereference
3% (7) CWE-369 Divide By Zero
3% (7) CWE-200 Information Exposure
2% (5) CWE-189 Numeric Errors
2% (5) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (4) CWE-416 Use After Free
1% (4) CWE-362 Race Condition
1% (3) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (2) CWE-668 Exposure of Resource to Wrong Sphere
0% (2) CWE-617 Reachable Assertion
0% (2) CWE-269 Improper Privilege Management
0% (2) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
0% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
0% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
0% (1) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
0% (1) CWE-287 Improper Authentication

Open Source Vulnerability Database (OSVDB)

id Description
75279 Qemu hw/scsi-disk.c scsi_disk_emulate_command() Function Command Parsing Loca...
74752 qemu-kvm -runas Option Local Privilege Escalation
73618 Qemu VirtIO virtqueue Request Parsing Local Overflow
70992 QEMU Empty VNC Password Authentication Bypass
62347 QEMU usb-linux.c usb_host_handle_control Function Crafted USB Packet Handling...
59287 VNC Server in QEMU vnc.c Use-after-free Fuzzy Screen Mode Protocol Arbitrary ...
59286 VNC Server in QEMU vnc.c Use-after-free Invalid Message Data Type Arbitrary C...
59285 VNC Server in QEMU vnc.c Use-after-free Data Transfer Disconnection Arbitrary...
52913 KVM kvm-79 VNC Server vnc.c protocol_client_msg Function Crafted Message Remo...
52912 QEMU VNC Server vnc.c protocol_client_msg Function Crafted Message Remote DoS

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1174-1 (Security)
File : nvt/gb_suse_2012_1174_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security)
File : nvt/gb_suse_2012_1172_1.nasl
2012-12-13 Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu)
File : nvt/gb_suse_2012_1170_1.nasl
2012-12-13 Name : SuSE Update for XEN openSUSE-SU-2012:1572-1 (XEN)
File : nvt/gb_suse_2012_1572_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-10-22 Name : Gentoo Security Advisory GLSA 201210-04 (ebuild)
File : nvt/glsa_201210_04.nasl
2012-10-19 Name : Fedora Update for qemu FEDORA-2012-15606
File : nvt/gb_fedora_2012_15606_qemu_fc16.nasl
2012-10-16 Name : Fedora Update for qemu FEDORA-2012-15740
File : nvt/gb_fedora_2012_15740_qemu_fc17.nasl
2012-10-03 Name : Ubuntu Update for qemu-kvm USN-1590-1
File : nvt/gb_ubuntu_USN_1590_1.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-15 Name : Debian Security Advisory DSA 2545-1 (qemu)
File : nvt/deb_2545_1.nasl
2012-09-15 Name : Debian Security Advisory DSA 2543-1 (xen-qemu-dm-4.0)
File : nvt/deb_2543_1.nasl
2012-09-15 Name : Debian Security Advisory DSA 2542-1 (qemu-kvm)
File : nvt/deb_2542_1.nasl
2012-09-07 Name : RedHat Update for qemu-kvm RHSA-2012:1234-01
File : nvt/gb_RHSA-2012_1234-01_qemu-kvm.nasl
2012-09-07 Name : RedHat Update for xen RHSA-2012:1236-01
File : nvt/gb_RHSA-2012_1236-01_xen.nasl
2012-09-07 Name : CentOS Update for kmod-kvm CESA-2012:1235 centos5
File : nvt/gb_CESA-2012_1235_kmod-kvm_centos5.nasl
2012-09-07 Name : CentOS Update for xen CESA-2012:1236 centos5
File : nvt/gb_CESA-2012_1236_xen_centos5.nasl
2012-09-07 Name : CentOS Update for qemu-guest-agent CESA-2012:1234 centos6
File : nvt/gb_CESA-2012_1234_qemu-guest-agent_centos6.nasl
2012-07-30 Name : CentOS Update for qemu-img CESA-2011:1801 centos6
File : nvt/gb_CESA-2011_1801_qemu-img_centos6.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0112 Oracle Linux & Virtualization Buffer Overflow Vulnerability
Severity: Category I - VMSKEY: V0060735
2015-A-0115 QEMU Virtual Floppy Drive Controller (FDC) Buffer Overflow Vulnerability
Severity: Category II - VMSKEY: V0060741
2010-A-0037 Multiple Vulnerabilities in Linux Kernel
Severity: Category I - VMSKEY: V0022704

Snort® IPS/IDS

Date Description
2015-10-01 QEMU VNC set-pixel-format memory corruption attempt
RuleID : 35851 - Type : SERVER-OTHER - Revision : 2
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34488 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34487 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34486 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34485 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34484 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34483 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34482 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34481 - Type : OS-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-74fb8b257b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-87f2ace20d.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4338.nasl - Type: ACT_GATHER_INFO
2018-10-25 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1321.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1313.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1314.nasl - Type: ACT_GATHER_INFO
2018-09-19 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1073.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1247.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1268.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1073.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1497.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2462.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2162.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1201.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1034.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1034.nasl - Type: ACT_GATHER_INFO
2018-05-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4213.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1144.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1113.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0816.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-1350.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-1351.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-08.nasl - Type: ACT_GATHER_INFO