seabios-bin (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package seabios-bin, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (86)
CVE-2020-14339 — CVSS 8.8 (high): A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows…
CVE-2024-3446 — CVSS 8.2 (high): A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard…
CVE-2021-4207 — CVSS 8.2 (high): A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and…
CVE-2021-3750 — CVSS 8.2 (high): A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its…
CVE-2020-35517 — CVSS 8.2 (high): A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest…
CVE-2021-4206 — CVSS 8.2 (high): A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation…
CVE-2022-30784 — CVSS 7.8 (high): A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-46790 — CVSS 7.8 (high): ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck…
CVE-2024-4467 — CVSS 7.8 (high): A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value…
CVE-2021-39263 — CVSS 7.8 (high): A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G <…
CVE-2021-39262 — CVSS 7.8 (high): A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
CVE-2021-39261 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
CVE-2021-39260 — CVSS 7.8 (high): A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
CVE-2021-39259 — CVSS 7.8 (high): A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in…
CVE-2021-39258 — CVSS 7.8 (high): A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
CVE-2021-39256 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.
CVE-2021-39255 — CVSS 7.8 (high): A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.
CVE-2021-39254 — CVSS 7.8 (high): A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function…
CVE-2021-39253 — CVSS 7.8 (high): A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
CVE-2021-39252 — CVSS 7.8 (high): A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
CVE-2021-33285 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap…
CVE-2021-33286 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and…
CVE-2021-33287 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow…
CVE-2021-33289 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and…
CVE-2021-39251 — CVSS 7.8 (high): A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
CVE-2021-35266 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur…
CVE-2021-35268 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow…
CVE-2021-35267 — CVSS 7.8 (high): NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code…
CVE-2021-35269 — CVSS 7.8 (high): NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap…
CVE-2022-40284 — CVSS 7.8 (high): A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker…
CVE-2022-30789 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30786 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2020-1983 — CVSS 7.5 (high): A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of…
CVE-2021-3748 — CVSS 7.5 (high): A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non…
CVE-2022-26353 — CVSS 7.5 (high): A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to…
CVE-2023-3354 — CVSS 7.5 (high): A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of…
CVE-2024-7409 — CVSS 7.5 (high): A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during…
CVE-2025-11234 — CVSS 7.5 (high): A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This…
CVE-2024-7383 — CVSS 7.4 (high): A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD…
CVE-2020-13754 — CVSS 6.7 (medium): hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-25637 — CVSS 6.7 (medium): A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about…
CVE-2020-10703 — CVSS 6.5 (medium): A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for…
CVE-2022-4144 — CVSS 6.5 (medium): An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of…
CVE-2021-20295 — CVSS 6.5 (medium): It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum…
CVE-2021-20257 — CVSS 6.5 (medium): An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in…
CVE-2021-3667 — CVSS 6.5 (medium): An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath…
CVE-2021-3930 — CVSS 6.5 (medium): An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in…
CVE-2020-10756 — CVSS 6.5 (medium): An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the…
CVE-2022-3165 — CVSS 6.5 (medium): An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious…
CVE-2020-14301 — CVSS 6.5 (medium): An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were…
CVE-2021-20196 — CVSS 6.5 (medium): A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport…
CVE-2021-3975 — CVSS 6.5 (medium): A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple…
CVE-2021-4145 — CVSS 6.5 (medium): A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced…
CVE-2020-27617 — CVSS 6.5 (medium): eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via…
CVE-2021-3631 — CVSS 6.3 (medium): A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to…
CVE-2024-4418 — CVSS 6.2 (medium): A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop()…
CVE-2021-3416 — CVSS 6.0 (medium): A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The…
CVE-2021-20221 — CVSS 6.0 (medium): An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu…
CVE-2020-27821 — CVSS 6.0 (medium): A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an…
CVE-2021-4158 — CVSS 6.0 (medium): A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to…
CVE-2025-49133 — CVSS 5.9 (medium): Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived…
CVE-2019-20485 — CVSS 5.7 (medium): qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers…
CVE-2023-3301 — CVSS 5.6 (medium): A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the…
CVE-2023-2700 — CVSS 5.5 (medium): A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that…
CVE-2020-28916 — CVSS 5.5 (medium): hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
CVE-2021-39257 — CVSS 5.5 (medium): A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite)…
CVE-2023-1018 — CVSS 5.5 (medium): An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the…
CVE-2021-3504 — CVSS 5.4 (medium): A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function…
CVE-2022-0485 — CVSS 4.8 (medium): A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was…
CVE-2021-3622 — CVSS 4.3 (medium): A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would…
CVE-2020-29129 — CVSS 4.3 (medium): ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the…
CVE-2020-29130 — CVSS 4.3 (medium): slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the…
CVE-2020-29443 — CVSS 3.9 (low): ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
CVE-2020-11947 — CVSS 3.8 (low): iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process…
CVE-2021-3595 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input()…
CVE-2021-3592 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input()…
CVE-2021-3593 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input()…
CVE-2021-3594 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input()…
CVE-2020-16092 — CVSS 3.8 (low): In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network…
CVE-2020-15859 — CVSS 3.3 (low): QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to…
CVE-2022-26354 — CVSS 3.2 (low): A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing…
CVE-2020-25723 — CVSS 3.2 (low): A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing…
CVE-2021-3716 — CVSS 3.1 (low): A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use…
CVE-2020-25707: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-2891