| 0 |
| url |
VCID-2fr3-kytt-h7ff |
| vulnerability_id |
VCID-2fr3-kytt-h7ff |
| summary |
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5579
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2fr3-kytt-h7ff |
|
| 1 |
| url |
VCID-4rmk-qt1h-5yhc |
| vulnerability_id |
VCID-4rmk-qt1h-5yhc |
| summary |
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8909
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4rmk-qt1h-5yhc |
|
| 2 |
| url |
VCID-76s6-cxcr-ckft |
| vulnerability_id |
VCID-76s6-cxcr-ckft |
| summary |
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8577
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-76s6-cxcr-ckft |
|
| 3 |
| url |
VCID-7gnm-n9bc-n7at |
| vulnerability_id |
VCID-7gnm-n9bc-n7at |
| summary |
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5552
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7gnm-n9bc-n7at |
|
| 4 |
| url |
VCID-95d6-n1v7-y7cd |
| vulnerability_id |
VCID-95d6-n1v7-y7cd |
| summary |
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5898
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-95d6-n1v7-y7cd |
|
| 5 |
| url |
VCID-9c12-abdp-17ea |
| vulnerability_id |
VCID-9c12-abdp-17ea |
| summary |
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9105
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9c12-abdp-17ea |
|
| 6 |
| url |
VCID-bk24-wqs5-5fcv |
| vulnerability_id |
VCID-bk24-wqs5-5fcv |
| summary |
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2615, XSA-208
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bk24-wqs5-5fcv |
|
| 7 |
| url |
VCID-bth9-s2x5-wyfc |
| vulnerability_id |
VCID-bth9-s2x5-wyfc |
| summary |
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8668
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bth9-s2x5-wyfc |
|
| 8 |
| url |
VCID-ccta-e7hb-tygm |
| vulnerability_id |
VCID-ccta-e7hb-tygm |
| summary |
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-7995
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ccta-e7hb-tygm |
|
| 9 |
| url |
VCID-hfyr-x1rp-dud2 |
| vulnerability_id |
VCID-hfyr-x1rp-dud2 |
| summary |
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8910
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hfyr-x1rp-dud2 |
|
| 10 |
| url |
VCID-p24x-d6qs-77a5 |
| vulnerability_id |
VCID-p24x-d6qs-77a5 |
| summary |
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5525
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p24x-d6qs-77a5 |
|
| 11 |
| url |
VCID-ph34-yup5-z7a4 |
| vulnerability_id |
VCID-ph34-yup5-z7a4 |
| summary |
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5931
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ph34-yup5-z7a4 |
|
| 12 |
| url |
VCID-q7dy-tk74-3kby |
| vulnerability_id |
VCID-q7dy-tk74-3kby |
| summary |
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5856
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dy-tk74-3kby |
|
| 13 |
| url |
VCID-qegh-vk15-zbbu |
| vulnerability_id |
VCID-qegh-vk15-zbbu |
| summary |
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9104
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qegh-vk15-zbbu |
|
| 14 |
| url |
VCID-rgss-djue-bybk |
| vulnerability_id |
VCID-rgss-djue-bybk |
| summary |
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8576
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rgss-djue-bybk |
|
| 15 |
| url |
VCID-rnxj-1yr3-dqb4 |
| vulnerability_id |
VCID-rnxj-1yr3-dqb4 |
| summary |
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9101
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rnxj-1yr3-dqb4 |
|
| 16 |
| url |
VCID-sqzp-srfh-nqbd |
| vulnerability_id |
VCID-sqzp-srfh-nqbd |
| summary |
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5857
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sqzp-srfh-nqbd |
|
| 17 |
| url |
VCID-tngp-7kbr-2fdk |
| vulnerability_id |
VCID-tngp-7kbr-2fdk |
| summary |
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8578
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tngp-7kbr-2fdk |
|
| 18 |
| url |
VCID-ur84-4qah-6ued |
| vulnerability_id |
VCID-ur84-4qah-6ued |
| summary |
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2620, XSA-209
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ur84-4qah-6ued |
|