CVE search results

91 – 100 of 470 results

Detailed view

Sort by:

CVE-2020-35504

Low priority

Some fixes available 12 of 14

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service....

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	Fixed	Fixed	Fixed	Fixed
qemu-kvm	Not in release	Not in release	Not in release	Not in release

CVE-2020-35503

Low priority

Vulnerable

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a...

2 affected packages

qemu-kvm, qemu

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu-kvm	Not in release	Not in release	Not in release	Not in release
qemu	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2020-29443

Low priority

Some fixes available 13 of 14

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	Fixed	Fixed	Fixed	Fixed
qemu-kvm	Not in release	Not in release	Not in release	Not in release

CVE-2020-29130

Low priority

Fixed

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

3 affected packages

libslirp, qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libslirp	—	Not affected	Fixed	Not in release
qemu	—	Not affected	Not affected	Not affected
qemu-kvm	—	Not in release	Not in release	Not in release

CVE-2020-29129

Low priority

Fixed

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

3 affected packages

qemu, libslirp, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	Not affected	Not affected	Not affected	Not affected
libslirp	Not affected	Not affected	Fixed	Not in release
qemu-kvm	Not in release	Not in release	Not in release	Not in release

CVE-2020-28916

Medium priority

Fixed

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	Fixed	Fixed
qemu-kvm	—	—	Not in release	Not in release

CVE-2020-27821

Medium priority

Fixed

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	Fixed	Not affected
qemu-kvm	—	—	Not in release	Not in release

CVE-2020-27661

Low priority

Not affected

A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	Not affected	Not affected
qemu-kvm	—	—	Not in release	Not in release

CVE-2020-27617

Low priority

Some fixes available 13 of 14

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	Fixed	Fixed	Fixed	Fixed
qemu-kvm	Not in release	Not in release	Not in release	Not in release

CVE-2020-27616

Low priority

Fixed

ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	Fixed	Not affected
qemu-kvm	—	—	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports