CVEs related to bugs in QEMU

Open bugs

There are no CVEs related to bugs open in QEMU.

Resolved bugs

Bug #458201: kernel stacktrace on volume detach in kvm guest
CVE(s): CVE-2010-1187
QEMU Invalid (unassigned)

Bug #697197: Empty password allows access to VNC in libvirt
CVE(s): CVE-2011-0011
QEMU Fix released (unassigned)

Bug #807893: qemu privilege escalation
CVE(s): CVE-2011-2527
QEMU Fix released, assigned to Stefan Hajnoczi

Bug #1303926: qemu-system-x86_64 crashed with SIGABRT
CVE(s): CVE-2013-4344, CVE-2014-0150, CVE-2014-2894
QEMU Fix released (unassigned)

Bug #1581936: Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)
CVE(s): CVE-2017-7377, CVE-2017-7718, CVE-2017-7980, CVE-2017-8086, CVE-2017-8309, CVE-2017-8379
QEMU Fix released (unassigned)

Bug #1718964: Memory leak when using websocket over a low speed network
CVE(s): CVE-2017-15268
QEMU Fix released, assigned to Daniel Berrange

Bug #1736376: CVE-2017-7471 repeated?
CVE(s): CVE-2017-7471
QEMU Invalid (unassigned)

Bug #1749393: sbrk() not working under qemu-user with a PIE-compiled binary?
CVE(s): CVE-2020-10702, CVE-2020-10717, CVE-2020-10761, CVE-2020-11102, CVE-2020-11869, CVE-2020-12829, CVE-2020-13253, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754, CVE-2020-13791, CVE-2020-13800, CVE-2020-15863
QEMU Fix released (unassigned)

Bug #1788665: Low 2D graphics performance with Windows 10 (1803) VGA passthrough VM using "Spectre" protection
CVE(s): CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3639, CVE-2018-3640
QEMU Expired (unassigned)

Bug #1805256: qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images
CVE(s): CVE-2020-10756, CVE-2020-12829, CVE-2020-13253, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754, CVE-2020-13765, CVE-2020-15863, CVE-2020-16092
QEMU Fix released (unassigned)

Bug #1834113: QEMU touchpad input erratic after wakeup from sleep
CVE(s): CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-20815, CVE-2019-10132, CVE-2019-11091, CVE-2019-3886, CVE-2019-5008, CVE-2019-9824
QEMU Expired (unassigned)

Bug #1837094: UndefinedBehaviorSanitizer crash around slirp::ip_reass()
CVE(s): CVE-2020-1983
QEMU Fix released (unassigned)

Bug #1852196: update edk2 submodule & binaries to edk2-stable202008
CVE(s): CVE-2019-14553, CVE-2019-1543, CVE-2019-1552, CVE-2019-1563
QEMU Fix released, assigned to Laszlo Ersek (Red Hat)

Bug #1858415: in tcp_emu function has OOB bug
CVE(s): CVE-2020-7039
QEMU Fix released, assigned to Samuel Thibault

Bug #1859713: ARM v8.3a pauth not working
CVE(s): CVE-2020-10702
QEMU Fix released, assigned to Richard Henderson

Bug #1863025: Use-after-free after flush in TCG accelerator
CVE(s): CVE-2020-24165, CVE-2022-36648
QEMU Fix released, assigned to Alex Bennée

Bug #1880822: CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in DoS
CVE(s): CVE-2020-13253
QEMU Fix released, assigned to Philippe Mathieu-Daudé

Bug #1883984: QEMU S/390x sqxbr (128-bit IEEE 754 square root) crashes qemu-system-s390x
CVE(s): CVE-2020-13754
QEMU Fix released (unassigned)

Bug #1886318: Qemu after v5.0.0 breaks macos guests
CVE(s): CVE-2020-13754
QEMU Fix released (unassigned)

Bug #1897481: qemu crashes with VGA pass-through, e-GPU, nvidia 1060
CVE(s): CVE-2018-3646
QEMU Expired (unassigned)

Bug #1901532: Assertion failure `mr != NULL' failed through usb-ehci
CVE(s): CVE-2020-25723
QEMU Fix released (unassigned)

Bug #1907497: [OSS-Fuzz] Issue 28435 qemu:qemu-fuzz-i386-target-generic-fuzz-intel-hda: Stack-overflow in ldl_le_dma
CVE(s): CVE-2021-3611
QEMU Invalid (unassigned)

Bug #1907952: qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0
CVE(s): CVE-2020-17380, CVE-2020-25085, CVE-2021-3392, CVE-2021-3409
QEMU Fix released (unassigned)

Bug #1909247: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c
CVE(s): CVE-2020-35506
QEMU Fix released (unassigned)

Bug #1909418: QEMU: Heap Overflow vulnerability in SDHCI Component
CVE(s): CVE-2020-25085
QEMU Fix released, assigned to Philippe Mathieu-Daudé

Bug #1910723: NULL pointer dereference issues in am53c974 SCSI host bus adapter
CVE(s): CVE-2020-35504, CVE-2020-35505
QEMU Fix released (unassigned)

Bug #1911666: ZDI-CAN-10904: QEMU Plan 9 File System TOCTOU Privilege Escalation Vulnerability
CVE(s): CVE-2021-20181
QEMU Fix released, assigned to Greg Kurz

Bug #1912780: QEMU: Null Pointer Failure in fdctrl_read() in hw/block/fdc.c
CVE(s): CVE-2021-20196
QEMU Expired (unassigned)

Bug #1913873: QEMU: net: vmxnet: integer overflow may crash guest
CVE(s): CVE-2021-20203
QEMU Expired (unassigned)

Bug #1914236: QEMU: scsi: use-after-free in mptsas_process_scsi_io_request() of mptsas1068 emulator
CVE(s): CVE-2021-3392
QEMU Fix released (unassigned)

Bug #1914353: QEMU: aarch64: :GIC: out-of-bounds access via interrupt ID
CVE(s): CVE-2021-20221
QEMU Fix released (unassigned)