This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Vendor            Qemu
Product           Qemu
Version           0.8.2
Update            *
Edition           *
Language          *
Software Edition  *
Target Software   *
Target Hardware   *
Other             *

Detail

First view  2007-05-02
Last view   2021-08-25
Type        Application

CPE Product  cpe:2.3:a:qemu:qemu

Activity : Overall

Related : CVE

This CPE has more than 25 relations. To see a complete summary for this CPE, please contact us.
Score  Date  Alert  Description
7.4 2021-08-25 CVE-2021-3713

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.

8.5 2021-08-05 CVE-2021-3682

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

8.2 2021-06-02 CVE-2021-3546

A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

6.5 2021-06-02 CVE-2021-3545

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.

6.5 2021-06-02 CVE-2021-3544

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.

6 2021-06-02 CVE-2020-35503

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

6.5 2021-06-02 CVE-2020-27661

A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

6.7 2021-05-28 CVE-2020-35506

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.

4.4 2021-05-28 CVE-2020-35505

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

6 2021-05-28 CVE-2020-35504

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

7.8 2021-05-28 CVE-2013-4536

A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

5.5 2021-05-26 CVE-2021-3527

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

6 2021-05-13 CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on the aarch64 platform. The issue occurs because, while writing an interrupt ID to the controller memory area, the ID is not masked to be 4 bits wide. This may lead to out-of-bounds access while updating controller state fields and during their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a denial of service.

7.5 2021-05-13 CVE-2021-20181

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.

6.1 2021-05-06 CVE-2021-3507

A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including 6.0.0. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a denial of service, or to potentially leak information from host memory.

5.7 2021-03-23 CVE-2021-3409

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

3.2 2021-03-23 CVE-2021-3392

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests when, in the error case, mptsas_free_request() does not dequeue the request object 'req' from the pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.

6 2021-03-18 CVE-2021-3416

A potential stack overflow via an infinite loop was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in the loopback mode of a NIC, where reentrant DMA checks are bypassed. A guest user or process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service.

3.3 2021-03-09 CVE-2021-20263

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

3.2 2021-02-25 CVE-2021-20203

An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU in versions up to v5.2.0. It may occur if a guest supplies invalid values for the rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a denial of service.

6.3 2021-01-30 CVE-2020-17380

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

8.2 2021-01-28 CVE-2020-35517

A flaw was found in QEMU. A host privilege escalation issue was found in the virtio-fs shared file system daemon, where a privileged guest user is able to create a device special file in the shared directory and use it to gain read/write access to host devices.

6 2020-12-08 CVE-2020-27821

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.

3.2 2020-12-02 CVE-2020-25723

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.

5.5 2020-10-16 CVE-2020-24352

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. To see a complete summary for this CPE, please contact us.
%  (Count)  id  Name
14% (40) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (33) CWE-787 Out-of-bounds Write
9% (25) CWE-125 Out-of-bounds Read
6% (19) CWE-772 Missing Release of Resource after Effective Lifetime
6% (17) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
5% (16) CWE-476 NULL Pointer Dereference
5% (16) CWE-190 Integer Overflow or Wraparound
4% (13) CWE-20 Improper Input Validation
4% (11) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (10) CWE-369 Divide By Zero
3% (9) CWE-416 Use After Free
1% (5) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (5) CWE-362 Race Condition
1% (5) CWE-200 Information Exposure
1% (5) CWE-189 Numeric Errors
1% (4) CWE-617 Reachable Assertion
1% (4) CWE-399 Resource Management Errors
1% (4) CWE-269 Improper Privilege Management
1% (3) CWE-668 Exposure of Resource to Wrong Sphere
1% (3) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (2) CWE-770 Allocation of Resources Without Limits or Throttling
0% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (2) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
0% (2) CWE-264 Permissions, Privileges, and Access Controls
0% (2) CWE-193 Off-by-one Error

Open Source Vulnerability Database (OSVDB)

id Description
75279 Qemu hw/scsi-disk.c scsi_disk_emulate_command() Function Command Parsing Loca...
74752 qemu-kvm -runas Option Local Privilege Escalation
73618 Qemu VirtIO virtqueue Request Parsing Local Overflow
73395 Qemu PIIX4 Hotplug Invalid Memory Dereference Arbitrary Code Execution
70992 QEMU Empty VNC Password Authentication Bypass
62347 QEMU usb-linux.c usb_host_handle_control Function Crafted USB Packet Handling...
59287 VNC Server in QEMU vnc.c Use-after-free Fuzzy Screen Mode Protocol Arbitrary ...
59286 VNC Server in QEMU vnc.c Use-after-free Invalid Message Data Type Arbitrary C...
59285 VNC Server in QEMU vnc.c Use-after-free Data Transfer Disconnection Arbitrary...
52913 KVM kvm-79 VNC Server vnc.c protocol_client_msg Function Crafted Message Remo...
52912 QEMU VNC Server vnc.c protocol_client_msg Function Crafted Message Remote DoS
42986 QEMU NE2000 Emulator slirp Library Local Overflow
42985 QEMU net socket listen Option Local Overflow
42983 QEMU Block Device Read/Write Request Arbitrary Memory Access
35498 QEMU Divisor Operand / aam Instruction Divide-by-zero Local DoS
35496 QEMU icebp Instruction Unauthorized Virtual Machine Termination Local DoS
35495 QEMU NE2000 Network Driver Ethernet Frame Handling Overflow
35494 QEMU Cirrus VGA Extension cirrus_invalidate_region Function Multiple Overflows

OpenVAS Exploits

This CPE has more than 25 relations. To see a complete summary for this CPE, please contact us.
Date  Name / File
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for XEN openSUSE-SU-2012:1572-1 (XEN)
File : nvt/gb_suse_2012_1572_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1174-1 (Security)
File : nvt/gb_suse_2012_1174_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security)
File : nvt/gb_suse_2012_1172_1.nasl
2012-12-13 Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu)
File : nvt/gb_suse_2012_1170_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-10-22 Name : Gentoo Security Advisory GLSA 201210-04 (ebuild)
File : nvt/glsa_201210_04.nasl
2012-10-19 Name : Fedora Update for qemu FEDORA-2012-15606
File : nvt/gb_fedora_2012_15606_qemu_fc16.nasl
2012-10-16 Name : Fedora Update for qemu FEDORA-2012-15740
File : nvt/gb_fedora_2012_15740_qemu_fc17.nasl
2012-10-03 Name : Ubuntu Update for qemu-kvm USN-1590-1
File : nvt/gb_ubuntu_USN_1590_1.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-09-15 Name : Debian Security Advisory DSA 2545-1 (qemu)
File : nvt/deb_2545_1.nasl
2012-09-15 Name : Debian Security Advisory DSA 2543-1 (xen-qemu-dm-4.0)
File : nvt/deb_2543_1.nasl
2012-09-15 Name : Debian Security Advisory DSA 2542-1 (qemu-kvm)
File : nvt/deb_2542_1.nasl
2012-09-07 Name : RedHat Update for qemu-kvm RHSA-2012:1234-01
File : nvt/gb_RHSA-2012_1234-01_qemu-kvm.nasl
2012-09-07 Name : RedHat Update for xen RHSA-2012:1236-01
File : nvt/gb_RHSA-2012_1236-01_xen.nasl
2012-09-07 Name : CentOS Update for qemu-guest-agent CESA-2012:1234 centos6
File : nvt/gb_CESA-2012_1234_qemu-guest-agent_centos6.nasl
2012-09-07 Name : CentOS Update for kmod-kvm CESA-2012:1235 centos5
File : nvt/gb_CESA-2012_1235_kmod-kvm_centos5.nasl
2012-09-07 Name : CentOS Update for xen CESA-2012:1236 centos5
File : nvt/gb_CESA-2012_1236_xen_centos5.nasl
2012-07-30 Name : CentOS Update for qemu-img CESA-2011:1777 centos6
File : nvt/gb_CESA-2011_1777_qemu-img_centos6.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0112 Oracle Linux & Virtualization Buffer Overflow Vulnerability
Severity: Category I - VMSKEY: V0060735
2015-A-0115 QEMU Virtual Floppy Drive Controller (FDC) Buffer Overflow Vulnerability
Severity: Category II - VMSKEY: V0060741
2010-A-0037 Multiple Vulnerabilities in Linux Kernel
Severity: Category I - VMSKEY: V0022704

Snort® IPS/IDS

Date Description
2015-10-01 QEMU VNC set-pixel-format memory corruption attempt
RuleID : 35851 - Type : SERVER-OTHER - Revision : 2
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34488 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34487 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34486 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34485 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34484 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34483 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34482 - Type : OS-OTHER - Revision : 4
2015-06-23 QEMU floppy disk controller buffer overflow attempt
RuleID : 34481 - Type : OS-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. To see a complete summary for this CPE, please contact us.
Date  Name / File
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-74fb8b257b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-87f2ace20d.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4338.nasl - Type: ACT_GATHER_INFO
2018-10-25 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1321.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1313.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1314.nasl - Type: ACT_GATHER_INFO
2018-09-19 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1073.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1247.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1259.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1268.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1073.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1497.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2462.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2162.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1201.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1034.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1034.nasl - Type: ACT_GATHER_INFO
2018-05-31 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1416.nasl - Type: ACT_GATHER_INFO
2018-05-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4213.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1144.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1145.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1113.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0816.nasl - Type: ACT_GATHER_INFO