Versions
before 1.6.2
before 2.0
QEMU versions prior to 7.0.0
Affected: up to latest v7.1.0-rc4
qemu 2.17.2
qemu-kvm 6.2.0-rc2
between 2.10.0 and 5.2.0
before 1.7.2
Will be fixed in QEMU 7.2.0-rc0
qemu 2.20.1
Affects qemu v4.0 to v6.1
All QEMU versions before and including 6.0
Affects QEMU < v6.0.0, Fixed in v7.1.0-rc0
qemu 5.2.50
QEMU 6.1.50
qemu-kvm 4.2.0-34
qemu-kvm 6.1.0
libslirp 4.6.0
qemu 6.1.0-rc2
qemu-kvm 6.2.0
up to (including) 5.2.0
Fixed-In v6.2.0
qemu 6.0.0
All QEMU versions up to and including 6.0
Affects v6.0.0 and above.
Not Known
qemu-kvm 7.0.0
QEMU before version 7.0.0
Fixed in qemu-kvm 7.0.0-rc0
qemu-kvm 6.2.0-rc0
prior to 5.2.0
qemu 6.2.0-rc0
versions up to and including 5.2.0
up to 6.0.0 (including)
QEMU versions before 5.2.0
Affected 6.1.0 and later. Will be fixed in 7.2.0-rc0.
all versions
up to, including qemu 4.2.0
up to, including 5.2.0
qemu-kvm 1.5.3
8.1.0-rc0
vulnerable up to (including) qemu 5.2.0
qemu 5.2.0
versions up to v5.2.0
Recent CVEs
CVE-2023-3301
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
CVE-2022-3872
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2022-2962
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2021-3735
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
CVE-2022-0216
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
CVE-2021-3929
A DMA reentrancy issue was found in the NVM Express Controller (NVMe) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrant write triggers the reset function nvme_ctrl_reset(), data structures are freed, leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
CVE-2021-4158
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2020-14394
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
CVE-2021-3611
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.