Search CVE reports
151 – 160 of 470 results
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Ignored |
| qemu-kvm | — | — | — | Not in release |
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Ignored |
| qemu-kvm | — | — | — | Not in release |
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Ignored |
| qemu-kvm | — | — | — | Not in release |
Some fixes available 8 of 9
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | Fixed | Fixed |
| qemu-kvm | — | — | Not in release | Not in release |
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | Fixed | Fixed |
| qemu-kvm | — | — | Not in release | Not in release |
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
2 affected packages
qemu-kvm, qemu
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu-kvm | Not in release | Not in release | Not in release | Not in release |
| qemu | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 87 of 92
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a...
160 affected packages
linux-realtime, linux-azure-6.8, linux-oem-6.11, linux-aws-5.4, linux-azure-5.4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| linux-realtime | Not affected | Not affected | Not in release | Not in release |
| linux-azure-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-oem-6.11 | Not affected | Not in release | Not in release | Not in release |
| linux-aws-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-azure-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-bluefield | Not in release | Not in release | Not affected | Not in release |
| linux-gcp-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-oracle-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-aws-fips | Not in release | Not affected | Not affected | Not affected |
| linux-azure-fips | Not in release | Not affected | Not affected | Not affected |
| linux-fips | Not in release | Not affected | Not affected | Not affected |
| linux-gcp-fips | Not in release | Not affected | Not affected | Not affected |
| linux-raspi2 | Not in release | Not in release | Ignored | Fixed |
| intel-microcode | Not affected | Not affected | Not affected | Fixed |
| linux | Not affected | Not affected | Not affected | Fixed |
| linux-lts-trusty | Not in release | Not in release | Not in release | Not in release |
| linux-goldfish | Not in release | Not in release | Not in release | Not in release |
| linux-mako | Not in release | Not in release | Not in release | Not in release |
| linux-flo | Not in release | Not in release | Not in release | Not in release |
| linux-lts-xenial | Not in release | Not in release | Not in release | Not in release |
| linux-snapdragon | Not in release | Not in release | Not in release | Fixed |
| linux-aws | Not affected | Not affected | Not affected | Fixed |
| linux-hwe | Not in release | Not in release | Not in release | Fixed |
| linux-hwe-edge | Not in release | Not in release | Not in release | Not affected |
| linux-gke | Not affected | Not affected | Not affected | Not in release |
| linux-gke-4.15 | Not in release | Not in release | Not in release | Fixed |
| linux-gke-5.0 | Not in release | Not in release | Not in release | Not affected |
| linux-azure | Not affected | Not affected | Not affected | Fixed |
| linux-azure-edge | Not in release | Not in release | Not in release | Fixed |
| linux-gcp | Not affected | Not affected | Not affected | Fixed |
| linux-kvm | Not in release | Not affected | Not affected | Fixed |
| linux-euclid | Not in release | Not in release | Not in release | Not in release |
| linux-oem | Not in release | Not in release | Not in release | Fixed |
| linux-gcp-edge | Not in release | Not in release | Not in release | Fixed |
| linux-aws-hwe | Not in release | Not in release | Not in release | Not in release |
| linux-oracle | Not affected | Not affected | Not affected | Fixed |
| qemu-kvm | Not in release | Not in release | Not in release | Not in release |
| qemu | Fixed | Fixed | Fixed | Fixed |
| libvirt | Fixed | Fixed | Fixed | Fixed |
| linux-oem-osp1 | Not in release | Not in release | Not in release | Not affected |
| linux-aws-5.0 | Not in release | Not in release | Not in release | Not affected |
| linux-azure-5.3 | Not in release | Not in release | Not in release | Not affected |
| linux-gcp-5.3 | Not in release | Not in release | Not in release | Not affected |
| linux-oracle-5.0 | Not in release | Not in release | Not in release | Not affected |
| linux-raspi2-5.3 | Not in release | Not in release | Not in release | Not affected |
| linux-oem-5.6 | Not in release | Not in release | Not affected | Not in release |
| linux-gke-5.3 | Not in release | Not in release | Not in release | Not affected |
| linux-oracle-5.3 | Not in release | Not in release | Not in release | Not affected |
| linux-riscv | Not affected | Not affected | Not affected | Not in release |
| linux-raspi | Not affected | Not affected | Not affected | Not in release |
| linux-azure-4.15 | Not in release | Not in release | Not in release | Not affected |
| linux-aws-5.3 | Not in release | Not in release | Not in release | Not affected |
| linux-gcp-4.15 | Not in release | Not in release | Not in release | Not affected |
| linux-hwe-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-raspi-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-hwe-5.8 | Not in release | Not in release | Not affected | Not in release |
| linux-gke-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-gkeop-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-dell300x | Not in release | Not in release | Not in release | Not affected |
| linux-oem-5.10 | Not in release | Not in release | Not affected | Not in release |
| linux-gkeop | Not affected | Not affected | Not affected | Not in release |
| linux-aws-5.8 | Not in release | Not in release | Not affected | Not in release |
| linux-azure-5.8 | Not in release | Not in release | Not affected | Not in release |
| linux-gcp-5.8 | Not in release | Not in release | Not affected | Not in release |
| linux-oracle-5.8 | Not in release | Not in release | Not affected | Not in release |
| linux-riscv-5.8 | Not in release | Not in release | Not affected | Not in release |
| linux-hwe-5.11 | Not in release | Not in release | Not affected | Not in release |
| linux-riscv-5.11 | Not in release | Not in release | Not affected | Not in release |
| linux-oem-5.13 | Not in release | Not in release | Not affected | Not in release |
| linux-aws-5.11 | Not in release | Not in release | Not affected | Not in release |
| linux-azure-5.11 | Not in release | Not in release | Not affected | Not in release |
| linux-oracle-5.11 | Not in release | Not in release | Not affected | Not in release |
| linux-ibm | Not affected | Not affected | Not affected | Not in release |
| linux-gcp-5.11 | Not in release | Not in release | Not affected | Not in release |
| linux-oem-5.14 | Not in release | Not in release | Not affected | Not in release |
| linux-intel-5.13 | Not in release | Not in release | Not affected | Not in release |
| linux-hwe-5.13 | Not in release | Not in release | Not affected | Not in release |
| linux-aws-5.13 | Not in release | Not in release | Not affected | Not in release |
| linux-oracle-5.13 | Not in release | Not in release | Not affected | Not in release |
| linux-gcp-5.13 | Not in release | Not in release | Not affected | Not in release |
| linux-ibm-5.4 | Not in release | Not in release | Not in release | Not affected |
| linux-azure-fde | Not in release | Not affected | Not affected | Not in release |
| linux-azure-5.13 | Not in release | Not in release | Not affected | Not in release |
| linux-lowlatency | Not affected | Not affected | Not in release | Not in release |
| linux-oem-5.17 | Not in release | Not affected | Not in release | Not in release |
| linux-intel-iotg | Not in release | Not affected | Not in release | Not in release |
| linux-intel-iotg-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-lowlatency-hwe-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-hwe-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-aws-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-gcp-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-gke-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-azure-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-oracle-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-azure-fde-5.15 | Not in release | Not in release | Ignored | Not in release |
| linux-oem-6.0 | Not in release | Not affected | Not in release | Not in release |
| linux-oem-6.1 | Not in release | Not affected | Not in release | Not in release |
| linux-hwe-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-lowlatency-hwe-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-azure-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-iot | Not in release | Not in release | Not affected | Not in release |
| linux-riscv-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-azure-fde-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-xilinx-zynqmp | Not in release | Not affected | Not affected | Not in release |
| linux-nvidia | Not affected | Not affected | Not in release | Not in release |
| linux-gkeop-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-aws-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-gcp-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-riscv-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-allwinner | Not in release | Not in release | Not in release | Not in release |
| linux-allwinner-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-starfive | Not in release | Not in release | Not in release | Not in release |
| linux-starfive-5.19 | Not in release | Not affected | Not in release | Not in release |
| linux-aws-6.2 | Not in release | Not affected | Not in release | Not in release |
| linux-hwe-6.2 | Not in release | Not affected | Not in release | Not in release |
| linux-lowlatency-hwe-6.2 | Not in release | Not affected | Not in release | Not in release |
| linux-ibm-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-gcp-6.2 | Not in release | Not affected | Not in release | Not in release |
| linux-azure-6.2 | Not in release | Not affected | Not in release | Not in release |
| linux-azure-fde-6.2 | Not in release | Not affected | Not in release | Not in release |
| linux-nvidia-6.2 | Not in release | Not affected | Not in release | Not in release |
| linux-starfive-6.2 | Not in release | Not affected | Not in release | Not in release |
| linux-laptop | Not in release | Not in release | Not in release | Not in release |
| linux-oem-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-hwe-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-lowlatency-hwe-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-riscv-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-starfive-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-aws-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-azure-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-gcp-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-oracle-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-nvidia-6.5 | Not in release | Not affected | Not in release | Not in release |
| linux-oem-6.8 | Not affected | Not in release | Not in release | Not in release |
| linux-intel | Not affected | Not in release | Not in release | Not in release |
| linux-nvidia-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-nvidia-lowlatency | Not affected | Not in release | Not in release | Not in release |
| linux-hwe-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-lowlatency-hwe-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-riscv-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-intel-iot-realtime | Not in release | Not affected | Not in release | Not in release |
| linux-raspi-realtime | Not affected | Not in release | Not in release | Not in release |
| linux-aws-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-gcp-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-oracle-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-hwe-6.11 | Ignored | Not in release | Not in release | Not in release |
| linux-hwe-6.14 | Not affected | Not in release | Not in release | Not in release |
| linux-aws-6.14 | Not affected | Not in release | Not in release | Not in release |
| linux-azure-6.11 | Ignored | Not in release | Not in release | Not in release |
| linux-azure-nvidia | Not affected | Not in release | Not in release | Not in release |
| linux-gcp-6.11 | Ignored | Not in release | Not in release | Not in release |
| linux-gcp-6.14 | Not affected | Not in release | Not in release | Not in release |
| linux-ibm-6.8 | Not in release | Not affected | Not in release | Not in release |
| linux-lowlatency-hwe-6.11 | Ignored | Not in release | Not in release | Not in release |
| linux-nvidia-tegra | Not affected | Not affected | Not in release | Not in release |
| linux-nvidia-tegra-5.15 | Not in release | Not in release | Not affected | Not in release |
| linux-nvidia-tegra-igx | Not in release | Not affected | Not in release | Not in release |
| linux-oracle-6.14 | Not affected | Not in release | Not in release | Not in release |
| linux-oem-6.14 | Not affected | Not in release | Not in release | Not in release |
| linux-riscv-6.14 | Not affected | Not in release | Not in release | Not in release |
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Fixed |
| qemu-kvm | — | — | — | Not in release |
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | Fixed | Fixed |
| qemu-kvm | — | — | Not in release | Not in release |
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | Fixed | Fixed |
| qemu-kvm | — | — | Not in release | Not in release |