Search CVE reports

191 – 200 of 471 results

Detailed view

Sort by:

CVE-2018-7858

Medium priority

Fixed

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	—	Fixed
qemu-kvm	—	—	—	Not in release

CVE-2018-7550

Medium priority

Fixed

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	Fixed	Fixed
qemu-kvm	—	—	Not in release	Not in release

CVE-2017-18043

Low priority

Fixed

Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	Not affected	Not affected
qemu-kvm	—	—	Not in release	Not in release

CVE-2017-18030

Low priority

Not affected

The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	Not affected	Not affected
qemu-kvm	—	—	Not in release	Not in release

CVE-2018-5683

Low priority

Fixed

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	Fixed	Fixed
qemu-kvm	—	—	Not in release	Not in release

CVE-2017-15124

Low priority

Some fixes available 1 of 4

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	—	—
qemu-kvm	—	—	—	—

CVE-2017-5715

High priority

Some fixes available 46 of 56

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

87 affected packages

linux, linux-goldfish, linux-grouper, linux-lts-quantal, linux-lts-raring...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	Not affected	Not affected	Not affected	Not affected
linux-goldfish	—	—	—	Not in release
linux-grouper	—	—	—	Not in release
linux-lts-quantal	—	—	—	Not in release
linux-lts-raring	—	—	—	Not in release
linux-lts-saucy	—	—	—	Not in release
linux-aws	Not affected	Not affected	Not affected	Not affected
linux-flo	—	—	—	Not in release
linux-gke	Not affected	Not affected	Ignored	Not in release
linux-hwe	Not in release	Not in release	Not in release	Not affected
linux-lts-utopic	—	—	—	Not in release
linux-lts-vivid	—	—	—	Not in release
linux-lts-wily	—	—	—	Not in release
linux-lts-xenial	Not in release	Not in release	Not in release	Not in release
linux-mako	—	—	—	Not in release
linux-manta	—	—	—	Not in release
linux-raspi2	Not in release	Not in release	Ignored	Not affected
linux-snapdragon	Not in release	Not in release	Not in release	Not affected
amd64-microcode	Not affected	Not affected	Not affected	Fixed
firefox	Not affected	Not affected	Not in release	Fixed
intel-microcode	Not affected	Not affected	Not affected	Not affected
libvirt	Not affected	Not affected	Not affected	Not affected
linux-azure	Not affected	Not affected	Not affected	Not affected
linux-azure-edge	Not in release	Not in release	Not in release	Not affected
linux-euclid	—	—	—	Not in release
linux-gcp	Not affected	Not affected	Not affected	Not affected
linux-kvm	Not in release	Not affected	Not affected	Not affected
linux-oem	Not in release	Not in release	Not in release	Not affected
qemu	Not affected	Not affected	Not affected	Fixed
linux-hwe-edge	Not in release	Not in release	Not in release	Not affected
linux-lts-trusty	—	—	—	Not in release
linux-maguro	—	—	—	Not in release
qemu-kvm	—	—	—	Not in release
webkit2gtk	Not affected	Not affected	Not affected	Not affected
linux-hwe-5.4	Not in release	Not in release	Not in release	Not affected
linux-hwe-5.15	Not in release	Not in release	Not affected	Not in release
linux-hwe-6.8	Not in release	Not affected	Not in release	Not in release
linux-aws-5.4	Not in release	Not in release	Not in release	Not affected
linux-aws-5.15	Not in release	Not in release	Not affected	Not in release
linux-aws-hwe	Not in release	Not in release	Not in release	Not in release
linux-azure-4.15	Not in release	Not in release	Not in release	Not affected
linux-azure-5.4	Not in release	Not in release	Not in release	Not affected
linux-azure-5.15	Not in release	Not in release	Not affected	Not in release
linux-azure-fde	Not in release	Not affected	Ignored	Not in release
linux-azure-fde-5.15	Not in release	Not in release	Not affected	Not in release
linux-bluefield	Not in release	Not in release	Not affected	Not in release
linux-fips	Not in release	Not affected	Not affected	Not affected
linux-aws-fips	Not in release	Not affected	Not affected	Not affected
linux-azure-fips	Not in release	Not affected	Not affected	Not affected
linux-gcp-fips	Not in release	Not affected	Not affected	Not affected
linux-gcp-4.15	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.4	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.15	Not in release	Not in release	Not affected	Not in release
linux-gkeop	Not affected	Not affected	Not affected	Not in release
linux-gkeop-5.15	Not in release	Not in release	Not affected	Not in release
linux-ibm	Not affected	Not affected	Not affected	Not in release
linux-ibm-5.4	Not in release	Not in release	Not in release	Not affected
linux-ibm-5.15	Not in release	Not in release	Not affected	Not in release
linux-intel	Not affected	Not in release	Not in release	Not in release
linux-intel-iotg	Not in release	Not affected	Not in release	Not in release
linux-intel-iotg-5.15	Not in release	Not in release	Not affected	Not in release
linux-iot	Not in release	Not in release	Not affected	Not in release
linux-intel-iot-realtime	Not in release	Not affected	Not in release	Not in release
linux-lowlatency	Not affected	Not affected	Not in release	Not in release
linux-lowlatency-hwe-5.15	Not in release	Not in release	Not affected	Not in release
linux-lowlatency-hwe-6.8	Not in release	Not affected	Not in release	Not in release
linux-nvidia	Not affected	Not affected	Not in release	Not in release
linux-nvidia-6.5	Not in release	Not affected	Not in release	Not in release
linux-nvidia-6.8	Not in release	Not affected	Not in release	Not in release
linux-nvidia-lowlatency	Not affected	Not in release	Not in release	Not in release
linux-oracle	Not affected	Not affected	Not affected	Not affected
linux-oracle-5.4	Not in release	Not in release	Not in release	Not affected
linux-oracle-5.15	Not in release	Not in release	Not affected	Not in release
linux-oem-6.8	Not affected	Not in release	Not in release	Not in release
linux-raspi	Not affected	Not affected	Not affected	Not in release
linux-raspi-5.4	Not in release	Not in release	Not in release	Not affected
linux-raspi-realtime	Not affected	Not in release	Not in release	Not in release
linux-realtime	Not affected	Not affected	Not in release	Not in release
linux-riscv	Not affected	Ignored	Ignored	Not in release
linux-riscv-5.15	Not in release	Not in release	Not affected	Not in release
linux-riscv-6.8	Not in release	Not affected	Not in release	Not in release
linux-xilinx-zynqmp	Not in release	Not affected	Not affected	Not in release
linux-aws-6.8	Not in release	Not affected	Not in release	Not in release
linux-gcp-6.8	Not in release	Not affected	Not in release	Not in release
linux-oracle-6.8	Not in release	Not affected	Not in release	Not in release
linux-azure-6.8	Not in release	Not affected	Not in release	Not in release
linux-oem-6.11	Not affected	Not in release	Not in release	Not in release

CVE-2017-17381

Low priority

Some fixes available 2 of 3

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	—	—
qemu-kvm	—	—	—	—

CVE-2017-15119

Medium priority

Some fixes available 2 of 3

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	—	—
qemu-kvm	—	—	—	—

CVE-2017-15118

Medium priority

Some fixes available 1 of 2

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qemu	—	—	—	—
qemu-kvm	—	—	—	—

Export to JSON

Results by page: