Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu qemu 6.1.0 vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2021-4145
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions before 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to ...
Qemu Qemu 6.1.0
Redhat Enterprise Linux 8.0
6
CVSSv2
CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU in versions before 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with ...
Qemu Qemu 6.1.0
Qemu Qemu
Redhat Enterprise Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2021-3735
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the Q...
Qemu Qemu 6.1.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.9
CVSSv2
CVE-2021-3608
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions before 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of ...
Qemu Qemu
Debian Debian Linux 10.0
Fedoraproject Fedora 34
4.9
CVSSv2
CVE-2021-3607
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions before 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest ...
Qemu Qemu
Debian Debian Linux 10.0
Fedoraproject Fedora 34
4.6
CVSSv2
CVE-2015-4106
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact vi...
Qemu Qemu
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Software Development Kit 12
Citrix Xenserver 6.0
Citrix Xenserver 6.0.2
Citrix Xenserver 6.1.0
Citrix Xenserver 6.2.0
Citrix Xenserver 6.5
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 15.04
4
CVSSv2
CVE-2020-12430
An issue exists in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x prior to 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unpri...
Redhat Libvirt
Redhat Enterprise Linux 8.0
NA
CVE-2024-26597
In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below: ====...
Linux Linux Kernel
NA
CVE-2024-26608
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbd_nl_policy Similar to a reported issue (check the commit b33fb5b801c6 ("net: qualcomm: rmnet: fix global oob in rmnet_policy"), my local fuzzer finds another global out-of-...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started