Name: qemu
Version: 8.2.7
Type: library
Description: Fast open source processor emulator
Licenses: GPL-2.0-only & LGPL-2.1-only
PURL: -
CPE: cpe:2.3:*:qemu:qemu:8.2.7:*:*:*:*:*:*:*
Patches

| # | Title | Author | Resolve |
|---|-------|--------|---------|
| 1 | python: backport 'avoid creating additional event loops per | John Snow <jsnow@redhat.com> | |
| 2 | hw/pvrdma: Protect against buggy or malicious guest driver | Yuval Shaia <yuval.shaia.ml@gmail.com> | CVE-2022-1050 |
| 3 | linux-user/loongarch64: Remove TARGET_FORCE_SHMLBA | Richard Henderson <richard.henderson@linaro.org> | |
| 4 | tests/tcg: Check that shmat() does not break | Ilya Leoshkevich <iii@linux.ibm.com> | |
| 5 | configure: Add pkg-config handling for libgcrypt | He Zhe <zhe.he@windriver.com> | |
| 6 | io: fix use after free in websocket handshake code | Daniel P. Berrangé <berrange@redhat.com> | CVE-2025-11234 |
| 7 | linux-user/*: workaround for missing MAP_FIXED_NOREPLACE | Frederic Konrad <fkonrad@amd.com> | |
| 8 | linux-user: Replace use of lfs64 related functions and | Khem Raj <raj.khem@gmail.com> | |
| 9 | tests/meson.build: use relative path to refer to files | Changqing Li <changqing.li@windriver.com> | |
| 10 | apic: fixup fallthrough to PIC | Mark Asselstine <mark.asselstine@windriver.com> | |
| 11 | net: pad packets to minimum length in qemu_receive_packet() | Peter Maydell <peter.maydell@linaro.org> | CVE-2025-12464 |
| 12 | Patch #12 | Unknown | |
| 13 | qemu: Determinism fixes | Richard Purdie <richard.purdie@linuxfoundation.org> | |
| 14 | qemu: Add addition environment space to boot loader | Jason Wessel <jason.wessel@windriver.com> | |
| 15 | Patch #15 | Richard Purdie <richard.purdie@linuxfoundation.org> | |
| 16 | linux-user: Split out do_munmap | Richard Henderson <richard.henderson@linaro.org> | |
| 17 | Define MAP_SYNC and MAP_SHARED_VALIDATE on needed linux | Khem Raj <raj.khem@gmail.com> | |
| 18 | qemu: Do not include file if not exists | Oleksiy Obitotskyy <oobitots@cisco.com> | |
| 19 | io: move websock resource release to close method | Daniel P. Berrangé <berrange@redhat.com> | CVE-2025-11234 |
| 20 | hw/usb/hcd-uhci: don't assert for SETUP to non-0 endpoint | Peter Maydell <peter.maydell@linaro.org> | CVE-2024-8354 |
| 21 | sched_attr: Do not define for glibc >= 2.41 | Khem Raj <raj.khem@gmail.com> | |
| 22 | python: backport 'Remove deprecated get_event_loop calls' | John Snow <jsnow@redhat.com> | |
| 23 | linux-user/*: workaround for missing MAP_SHARED_VALIDATE | Frederic Konrad <fkonrad@amd.com> | |
| 24 | linux-user: Rewrite target_shmat | Richard Henderson <richard.henderson@linaro.org> | |
| 25 | qemu: Add some user space mmap tweaks to address musl | Richard Purdie <richard.purdie@linuxfoundation.org> | |
| 26 | linux-user: Add strace for shmat | Richard Henderson <richard.henderson@linaro.org> | |
Vulnerabilities

| Name | Analysis | Description |
|------|----------|-------------|
| | Exploitable | hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327. |
| | Exploitable | hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. |
| | Patched | A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service. |
| | Patched | A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication. |
| | Patched | A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition. |
| | Exploitable | A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero. |
| | Exploitable | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. |
| | Patched | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. |
| | Exploitable | A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. |