QEMU 9.0.0 Release Candidate 2

CPE Details

QEMU 9.0.0 Release Candidate 2
9.0.0
2025-02-24
13h09 +00:00
2025-02-24
13h09 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:qemu:qemu:9.0.0:rc2:*:*:*:*:*:*

Informations

Vendor

qemu

Product

qemu

Version

9.0.0

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-3567 2024-04-10 14h32 +00:00 A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
5.5
Medium
CVE-2023-1386 2023-07-24 15h19 +00:00 A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.
7.8
High
CVE-2021-20255 2021-03-09 18h14 +00:00 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
5.5
Medium
CVE-2017-5957 2017-03-14 13h00 +00:00 Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
5.5
Medium