qemu (SUSE:Enterprise Storage 7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Enterprise Storage 7 package qemu, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2022-35414 — CVSS 8.8 (high): softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex…
CVE-2021-4206 — CVSS 8.2 (high): A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation…
CVE-2021-4207 — CVSS 8.2 (high): A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and…
CVE-2022-4144 — CVSS 6.5 (medium): An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of…
CVE-2021-3507 — CVSS 6.1 (medium): A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler()…
CVE-2021-3409 — CVSS 5.7 (medium): The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access…
CVE-2022-0216 — CVSS 4.4 (medium): A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing…