Search CVE reports
301 – 310 of 396 results
CVE-2015-3209
High prioritySome fixes available 6 of 7
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
3 affected packages
qemu, qemu-kvm, xen
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
| xen | — | — | — | — | — |
CVE-2015-4106
Medium prioritySome fixes available 5 of 6
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain...
3 affected packages
qemu, qemu-kvm, xen
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
| xen | — | — | — | — | — |
CVE-2015-4105
Medium prioritySome fixes available 5 of 6
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
3 affected packages
qemu, qemu-kvm, xen
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
| xen | — | — | — | — | — |
CVE-2015-4104
Medium prioritySome fixes available 5 of 6
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
3 affected packages
qemu, qemu-kvm, xen
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
| xen | — | — | — | — | — |
CVE-2015-4103
Medium prioritySome fixes available 5 of 6
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via...
3 affected packages
qemu, qemu-kvm, xen
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
| xen | — | — | — | — | — |
CVE-2015-4037
Low priorityThe slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
CVE-2015-3456
High priorityThe Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1)...
4 affected packages
qemu, qemu-kvm, virtualbox, xen
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
| virtualbox | — | — | — | — | — |
| xen | — | — | — | — | — |
CVE-2014-9718
Low prioritySome fixes available 2 of 4
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
CVE-2015-2756
Low prioritySome fixes available 6 of 8
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the...
4 affected packages
qemu, qemu-kvm, xen, xen-3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |
| xen | — | — | — | — | — |
| xen-3.3 | — | — | — | — | — |
CVE-2015-1779
Low priorityThe VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qemu | — | — | — | — | — |
| qemu-kvm | — | — | — | — | — |