qemu (SUSE:Linux Enterprise Module for Server Applications 15 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Server Applications 15 SP5 package qemu, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (20)
CVE-2024-24474 — CVSS 8.8 (high): QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is…
CVE-2024-3446 — CVSS 8.2 (high): A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard…
CVE-2024-4467 — CVSS 7.8 (high): A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value…
CVE-2023-3354 — CVSS 7.5 (high): A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of…
CVE-2024-7409 — CVSS 7.5 (high): A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during…
CVE-2023-6683 — CVSS 6.5 (medium): A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be…
CVE-2023-3255 — CVSS 6.5 (medium): A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite…
CVE-2021-3638 — CVSS 6.5 (medium): An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while…
CVE-2023-3180 — CVSS 6.0 (medium): A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req…
CVE-2024-26328 — CVSS 6.0 (medium): An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and…
CVE-2023-2861 — CVSS 6.0 (medium): A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on…
CVE-2024-3447 — CVSS 6.0 (medium): A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size…
CVE-2023-1544 — CVSS 6.0 (medium): A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and…
CVE-2023-3019 — CVSS 6.0 (medium): A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a…
CVE-2023-3301 — CVSS 5.6 (medium): A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the…
CVE-2024-8354 — CVSS 5.5 (medium): A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB…
CVE-2023-0330 — CVSS 5.3 (medium): A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption…
CVE-2024-26327 — CVSS 5.3 (medium): An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes…
CVE-2023-6693 — CVSS 4.9 (medium): A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx…
CVE-2024-8612 — CVSS 3.8 (low): A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in…