Search CVE reports
Some fixes available 18 of 32
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
5 affected packages
libslirp, qemu, qemu-kvm, slirp, slirp4netns
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release |
qemu | Not affected | Not affected | Not affected | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
slirp | Vulnerable | Vulnerable | Vulnerable | Fixed |
slirp4netns | Not affected | Not affected | Needs evaluation | Not in release |
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
3 affected packages
libslirp, qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libslirp | — | — | — | Not in release |
qemu | — | — | — | Not affected |
qemu-kvm | — | — | — | Not in release |
Some fixes available 7 of 10
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS...
4 affected packages
slirp, libslirp, qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
slirp | Not affected | Not affected | Not affected | Fixed |
libslirp | Not affected | Not affected | Not affected | Not in release |
qemu | Not affected | Not affected | Not affected | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | — | Not affected |
qemu-kvm | — | — | — | Not in release |
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged...
6 affected packages
kvm, qemu, qemu-kvm, xen-3.1, xen-3.2, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
kvm | — | — | — | — |
qemu | — | — | — | — |
qemu-kvm | — | — | — | — |
xen-3.1 | — | — | — | — |
xen-3.2 | — | — | — | — |
xen-3.3 | — | — | — | — |
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | Fixed | Fixed |
qemu-kvm | — | — | Not in release | Not in release |
Some fixes available 16 of 147
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
20 affected packages
vde2, android, libslirp, virtualbox, basilisk2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
android | Not in release | Not in release | Not in release | Not in release |
libslirp | Not affected | Not affected | Not affected | Not in release |
virtualbox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ns3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qemu | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release |
qemu-linaro | Not in release | Not in release | Not in release | Not in release |
slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
virtualbox-hwe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xen | Not affected | Not affected | Not affected | Not affected |
redboot-imx | Not in release | Not in release | Not in release | Needs evaluation |
slirp4netns | Not affected | Not affected | Not affected | Not in release |
virtualbox-lts-vivid | Not in release | Not in release | Not in release | Not in release |
virtualbox-lts-wily | Not in release | Not in release | Not in release | Not in release |
virtualbox-lts-xenial | Not in release | Not in release | Not in release | Not in release |
Some fixes available 16 of 99
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
13 affected packages
fs-uae, libslirp, qemu, basilisk2, bochs...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libslirp | Not affected | Not affected | Not affected | Not in release |
qemu | Fixed | Fixed | Fixed | Fixed |
basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xen | Not affected | Not affected | Not affected | Not affected |
android | Not in release | Not in release | Not in release | Not in release |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release |
qemu-linaro | Not in release | Not in release | Not in release | Not in release |
slirp4netns | Not affected | Not affected | Not affected | Not in release |
Some fixes available 5 of 6
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | — | Fixed |
qemu-kvm | — | — | — | Not in release |
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | — | Ignored |
qemu-kvm | — | — | — | Not in release |