GCVE - cpe:2.3:a:n/a:qemu-kvm:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:qemu-kvm:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Qemu Kvm (`10c52259-981e-506f-9827-bf667b54ff85`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4135`	not_vulnerable	2026-06-08 06:16:11.569303	Out-of-bounds read information disclosure vulnerability MEDIUM (6) A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed. Published: 2023-08-04T13:19:15.760Z Updated: 2024-08-02T07:17:11.930Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2023-4135 https://bugzilla.redhat.com/show_bug.cgi?id=2229101 https://security.netapp.com/advisory/ntap-20230915-0012/ https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26354`	vulnerable	2026-06-08 05:41:51.344394	Details available A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. Published: 2022-03-16T14:02:34.000Z Updated: 2024-08-03T05:03:32.576Z Open on db.gcve.eu Reference links https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://security.netapp.com/advisory/ntap-20220425-0003/ https://www.debian.org/security/2022/dsa-5133 https://security.gentoo.org/glsa/202208-27	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26353`	vulnerable	2026-06-08 05:41:51.343366	Details available A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. Published: 2022-03-16T14:02:33.000Z Updated: 2024-08-03T05:03:32.949Z Open on db.gcve.eu Reference links https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37 https://security.netapp.com/advisory/ntap-20220425-0003/ https://www.debian.org/security/2022/dsa-5133 https://security.gentoo.org/glsa/202208-27	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.