📦 Qemu

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed in a guest OS could crash the host QEMU process and potentially allow code execution on the host. It ...

A heap buffer overflow vulnerability in QEMU's virtio-snd device allows attackers to write beyond allocated memory boundaries when processing audio input. This affects systems running QEMU with virtio...

A use-after-free vulnerability in QEMU's LSI53C895A SCSI Host Bus Adapter emulation allows attackers to cause a denial of service or potentially escape the virtual machine. This affects any system run...

This CVE describes an integer underflow and buffer overflow vulnerability in QEMU's SCSI emulation (esp.c). Attackers can exploit this to execute arbitrary code or cause denial-of-service on the QEMU ...

CVE-2023-2680 is a use-after-free vulnerability in qemu-kvm virtualization software that occurs due to an incomplete fix for CVE-2021-3750. This allows attackers with guest VM access to potentially ex...

This vulnerability allows a local unprivileged user on Windows systems running QEMU Guest Agent to manipulate the installer's repair custom actions, leading to privilege escalation. Attackers can gain...

CVE-2022-35414 is an uninitialized read vulnerability in QEMU's memory management component that can lead to crashes when handling I/O operations. This affects QEMU versions through 7.0.0 when used in...

A DMA reentrancy vulnerability in QEMU's USB EHCI controller emulation allows malicious guests to write crafted data to controller registers during packet transfers. This can trigger use-after-free co...

This vulnerability in QEMU's QXL display device emulation allows a malicious privileged guest user to trigger an integer overflow and subsequent heap buffer overflow. This can crash the QEMU process o...

A memory leak vulnerability in QEMU's virtio-net device occurs when cached virtqueue elements aren't unmapped during error conditions. This flaw affects QEMU version 6.2.0 and can lead to memory exhau...

This vulnerability allows a malicious guest user in QEMU virtual machines to perform out-of-bounds writes in the UAS device emulation, potentially leading to QEMU process crashes or arbitrary code exe...

This vulnerability in QEMU's USB redirector device emulation allows a malicious SPICE client to trigger a heap corruption when packet queues fill during bulk transfers. Successful exploitation could l...

This vulnerability allows a privileged guest user in QEMU virtual machines to trigger an out-of-bounds write in the virtio vhost-user GPU device. It can crash the QEMU process on the host (denial of s...

This vulnerability in QEMU's PCIe Single Root I/O Virtualization (SR-IOV) implementation allows attackers with guest VM access to potentially manipulate Virtual Function (VF) enable bits incorrectly. ...

A vulnerability in QEMU's USB endpoint handling allows unprivileged guest users to trigger an assertion failure, crashing the QEMU process on the host. This causes a denial of service affecting any ho...

A heap overflow vulnerability in QEMU's virtio-net device allows privileged guest users to crash the host QEMU process by manipulating RSS indirections_table values. This affects virtualization enviro...

This vulnerability in QEMU's VMWare paravirtual RDMA device allows a malicious guest VM driver to allocate excessive page tables, potentially causing an out-of-bounds read and QEMU crash. It affects s...