| 0 |
| url |
VCID-2fr3-kytt-h7ff |
| vulnerability_id |
VCID-2fr3-kytt-h7ff |
| summary |
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5579
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2fr3-kytt-h7ff |
|
| 1 |
| url |
VCID-2j9h-1n3f-cka6 |
| vulnerability_id |
VCID-2j9h-1n3f-cka6 |
| summary |
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9103
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2j9h-1n3f-cka6 |
|
| 2 |
| url |
VCID-4rmk-qt1h-5yhc |
| vulnerability_id |
VCID-4rmk-qt1h-5yhc |
| summary |
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8909
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4rmk-qt1h-5yhc |
|
| 3 |
| url |
VCID-7b11-jyx9-hbfc |
| vulnerability_id |
VCID-7b11-jyx9-hbfc |
| summary |
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-7994
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7b11-jyx9-hbfc |
|
| 4 |
| url |
VCID-7gnm-n9bc-n7at |
| vulnerability_id |
VCID-7gnm-n9bc-n7at |
| summary |
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5552
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7gnm-n9bc-n7at |
|
| 5 |
| url |
VCID-95d6-n1v7-y7cd |
| vulnerability_id |
VCID-95d6-n1v7-y7cd |
| summary |
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5898
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-95d6-n1v7-y7cd |
|
| 6 |
| url |
VCID-bth9-s2x5-wyfc |
| vulnerability_id |
VCID-bth9-s2x5-wyfc |
| summary |
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8668
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bth9-s2x5-wyfc |
|
| 7 |
| url |
VCID-ccta-e7hb-tygm |
| vulnerability_id |
VCID-ccta-e7hb-tygm |
| summary |
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-7995
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ccta-e7hb-tygm |
|
| 8 |
| url |
VCID-hfyr-x1rp-dud2 |
| vulnerability_id |
VCID-hfyr-x1rp-dud2 |
| summary |
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8910
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hfyr-x1rp-dud2 |
|
| 9 |
| url |
VCID-pu4q-r2h5-cuaa |
| vulnerability_id |
VCID-pu4q-r2h5-cuaa |
| summary |
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5667
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pu4q-r2h5-cuaa |
|
| 10 |
| url |
VCID-qegh-vk15-zbbu |
| vulnerability_id |
VCID-qegh-vk15-zbbu |
| summary |
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9104
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qegh-vk15-zbbu |
|
| 11 |
| url |
VCID-rgss-djue-bybk |
| vulnerability_id |
VCID-rgss-djue-bybk |
| summary |
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8576
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rgss-djue-bybk |
|
| 12 |
| url |
VCID-sqzp-srfh-nqbd |
| vulnerability_id |
VCID-sqzp-srfh-nqbd |
| summary |
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5857
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sqzp-srfh-nqbd |
|
| 13 |
| url |
VCID-tngp-7kbr-2fdk |
| vulnerability_id |
VCID-tngp-7kbr-2fdk |
| summary |
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-8578
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tngp-7kbr-2fdk |
|
| 14 |
| url |
VCID-ur84-4qah-6ued |
| vulnerability_id |
VCID-ur84-4qah-6ued |
| summary |
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2620, XSA-209
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ur84-4qah-6ued |
|
| 15 |
| url |
VCID-y82e-cyrq-t7d6 |
| vulnerability_id |
VCID-y82e-cyrq-t7d6 |
| summary |
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-5578
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y82e-cyrq-t7d6 |
|