Search CVE reports

121 – 130 of 396 results

Detailed view

Sort by:

CVE-2017-18043

Low priority

Fixed

Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	Not affected	Not affected	Fixed
qemu-kvm	—	—	Not in release	Not in release	Not in release

The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	Not affected	Not affected	Not affected
qemu-kvm	—	—	Not in release	Not in release	Not in release

CVE-2018-5683

Low priority

Fixed

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	Fixed	Fixed	Fixed
qemu-kvm	—	—	Not in release	Not in release	Not in release

CVE-2017-15124

Low priority

Some fixes available 1 of 4

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	—	Ignored
qemu-kvm	—	—	—	—	Not in release

CVE-2017-5715

High priority

Some fixes available 45 of 56

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

86 affected packages

amd64-microcode, firefox, intel-microcode, libvirt, linux...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
amd64-microcode	Not affected	Not affected	Not affected	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Fixed	Fixed
intel-microcode	Not affected	Not affected	Not affected	Not affected	Fixed
libvirt	Not affected	Not affected	Not affected	Not affected	Fixed
linux	Not affected	Not affected	Not affected	Not affected	Fixed
linux-aws	Not affected	Not affected	Not affected	Not affected	Fixed
linux-aws-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-aws-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-aws-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws-fips	Not in release	Not in release	Not in release	Not in release	Ignored
linux-aws-hwe	Not in release	Not in release	Not in release	Not in release	Not affected
linux-azure	Not affected	Not affected	Not affected	Not affected	Fixed
linux-azure-4.15	Not in release	Not in release	Not in release	Not affected	Not in release
linux-azure-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-azure-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-edge	Not in release	Not in release	Not in release	Not affected	Not in release
linux-azure-fde	Not in release	Not affected	Ignored	Not in release	Not in release
linux-azure-fde-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-fips	Not in release	Not in release	Not in release	Not in release	Ignored
linux-bluefield	Not in release	Not in release	Not affected	Not in release	Not in release
linux-euclid	—	—	—	Not in release	Fixed
linux-fips	Not in release	Not in release	Not in release	Not in release	Not in release
linux-flo	—	—	—	Not in release	Ignored
linux-gcp	Not affected	Not affected	Not affected	Not affected	Fixed
linux-gcp-4.15	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gcp-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gcp-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gcp-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-gcp-fips	Not in release	Not in release	Not in release	Not in release	Ignored
linux-gke	Not affected	Not affected	Ignored	Not in release	Ignored
linux-gkeop	Not in release	Not affected	Not affected	Not in release	Not in release
linux-gkeop-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-goldfish	—	—	—	Not in release	Ignored
linux-grouper	—	—	—	Not in release	Not in release
linux-hwe	Not in release	Not in release	Not in release	Not affected	Fixed
linux-hwe-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-hwe-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-hwe-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-edge	Not in release	Not in release	Not in release	Not affected	Fixed
linux-ibm	Not affected	Not affected	Not affected	Not in release	Not in release
linux-ibm-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-ibm-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-intel	Not affected	Not in release	Not in release	Not in release	Not in release
linux-intel-iot-realtime	Not in release	Not in release	Not in release	Not in release	Not in release
linux-intel-iotg	Not in release	Not affected	Not in release	Not in release	Not in release
linux-intel-iotg-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-iot	Not in release	Not in release	Not affected	Not in release	Not in release
linux-kvm	Not in release	Not affected	Not affected	Not affected	Fixed
linux-lowlatency	Not affected	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-lowlatency-hwe-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lts-quantal	—	—	—	Not in release	Not in release
linux-lts-raring	—	—	—	Not in release	Not in release
linux-lts-saucy	—	—	—	Not in release	Not in release
linux-lts-trusty	—	—	—	Not in release	Not in release
linux-lts-utopic	—	—	—	Not in release	Not in release
linux-lts-vivid	—	—	—	Not in release	Not in release
linux-lts-wily	—	—	—	Not in release	Not in release
linux-lts-xenial	Not in release	Not in release	Not in release	Not in release	Not in release
linux-maguro	—	—	—	Not in release	Not in release
linux-mako	—	—	—	Not in release	Ignored
linux-manta	—	—	—	Not in release	Not in release
linux-nvidia	Not affected	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-nvidia-lowlatency	Not affected	Not in release	Not in release	Not in release	Not in release
linux-oem	Not in release	Not in release	Not in release	Not affected	Fixed
linux-oem-6.8	Not affected	Not in release	Not in release	Not in release	Not in release
linux-oracle	Not affected	Not affected	Not affected	Not affected	Not affected
linux-oracle-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oracle-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-oracle-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-raspi	Not affected	Not affected	Not affected	Not in release	Not in release
linux-raspi-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-raspi-realtime	Not in release	Not in release	Not in release	Not in release	Not in release
linux-raspi2	Not in release	Not in release	Ignored	Not affected	Fixed
linux-realtime	Not in release	Ignored	Not in release	Not in release	Not in release
linux-riscv	Not affected	Ignored	Ignored	Not in release	Not in release
linux-riscv-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-riscv-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-snapdragon	Not in release	Not in release	Not in release	Not affected	Fixed
linux-xilinx-zynqmp	Not in release	Not affected	Not affected	Not in release	Not in release
qemu	Not affected	Not affected	Not affected	Fixed	Fixed
qemu-kvm	—	—	—	Not in release	Not in release
webkit2gtk	Not affected	Not affected	Not affected	Not affected	Fixed

CVE-2017-17381

Low priority

Some fixes available 2 of 3

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	—	Fixed
qemu-kvm	—	—	—	—	Not in release

CVE-2017-15119

Medium priority

Some fixes available 2 of 3

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	—	Fixed
qemu-kvm	—	—	—	—	Not in release

CVE-2017-15118

Medium priority

Some fixes available 1 of 2

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	—	Not affected
qemu-kvm	—	—	—	—	Not in release

CVE-2017-16845

Low priority

Some fixes available 3 of 4

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	Fixed	Fixed
qemu-kvm	—	—	—	Not in release	Not in release

CVE-2017-15289

Low priority

Some fixes available 3 of 4

The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	Not affected	Not affected	Fixed
qemu-kvm	—	—	Not in release	Not in release	Not in release

Export to JSON

Results by page: