qemu (SUSE:Linux Enterprise Module for Server Applications 15 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Server Applications 15 SP1 package qemu, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2019-14378 — CVSS 8.8 (high): ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the…
CVE-2019-13164 — CVSS 7.8 (high): qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge…
CVE-2020-1711 — CVSS 7.7 (high): An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a…
CVE-2019-12155 — CVSS 7.5 (high): interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVE-2019-5008 — CVSS 7.5 (high): hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a…
CVE-2020-1983 — CVSS 7.5 (high): A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of…
CVE-2018-12207 — CVSS 6.5 (medium): Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an…
CVE-2019-11135 — CVSS 6.5 (medium): TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable…
CVE-2019-15034 — CVSS 5.8 (medium): hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving…
CVE-2020-7039 — CVSS 5.6 (medium): tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can…
CVE-2020-8608 — CVSS 5.6 (medium): In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2018-20126 — CVSS 5.5 (medium): hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
CVE-2019-12068 — CVSS 3.8 (low): In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed)…
CVE-2019-20382 — CVSS 3.5 (low): QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused…