Nixpkgs security tracker

Untriaged

Permalink CVE-2013-4536

created 1 month, 4 weeks ago

An user able to alter the savevm data (either on …

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1066401 x_transferredx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210727-0002/ x_refsource_CONFIRMx_transferred

Affected products

qemu

==qemu-kvm 1.5.3

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.canokey-qemu

CanoKey QEMU Virt Card

pkgs.ubootQemuX86

Boot loader for embedded systems

nixos-unstable x86_defconfig-2025.10
- nixpkgs-unstable x86_defconfig-2025.10
- nixos-unstable-small x86_defconfig-2025.10
nixos-25.11 x86_defconfig-2025.10
- nixos-25.11-small x86_defconfig-2025.10
- nixpkgs-25.11-darwin x86_defconfig-2025.10

pkgs.ubootQemuX86_64

Boot loader for embedded systems

nixos-unstable x86_64_defconfig-2025.10
- nixpkgs-unstable x86_64_defconfig-2025.10
- nixos-unstable-small x86_64_defconfig-2025.10
nixos-25.11 x86_64_defconfig-2025.10
- nixos-25.11-small x86_64_defconfig-2025.10
- nixpkgs-25.11-darwin x86_64_defconfig-2025.10

pkgs.ubootQemuAarch64

Boot loader for embedded systems

nixos-unstable qemu_arm64_defconfig-2025.10
- nixpkgs-unstable qemu_arm64_defconfig-2025.10
- nixos-unstable-small qemu_arm64_defconfig-2025.10
nixos-25.11 qemu_arm64_defconfig-2025.10
- nixos-25.11-small qemu_arm64_defconfig-2025.10
- nixpkgs-25.11-darwin qemu_arm64_defconfig-2025.10

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0
nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python314Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1

pkgs.python312Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python313Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5
nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python314Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5

Package maintainers

@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
@oxalica oxalica <oxalicc@pm.me>
@DavHau David Hauer <d.hauer.it@gmail.com>
@devplayer0 Jack O'Sullivan <dev@nul.ie>
@alyssais Alyssa Ross <hi@alyssa.is>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@digitalrane Rane <rane+git@junkyard.systems>
@hehongbo Hongbo
@bartsch Daniel Martin <consume.noise@gmail.com>
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>

Untriaged

Permalink CVE-2015-6815

created 1 month, 4 weeks ago

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does …

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.h… x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.h… x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.h… x_transferredx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html x_transferredx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html x_transferredx_refsource_MISC
http://www.ubuntu.com/usn/USN-2745-1 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/09/04/4 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/09/05/5 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1260076 x_transferredx_refsource_MISC
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html x_refsource_CONFIRMx_transferred
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html x_refsource_CONFIRMx_transferred
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-s… x_transferredx_refsource_MISC

Affected products

QEMU

==before 2.4.0.1

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.canokey-qemu

CanoKey QEMU Virt Card

pkgs.ubootQemuX86

Boot loader for embedded systems

nixos-unstable x86_defconfig-2025.10
- nixpkgs-unstable x86_defconfig-2025.10
- nixos-unstable-small x86_defconfig-2025.10
nixos-25.11 x86_defconfig-2025.10
- nixos-25.11-small x86_defconfig-2025.10
- nixpkgs-25.11-darwin x86_defconfig-2025.10

pkgs.ubootQemuX86_64

Boot loader for embedded systems

nixos-unstable x86_64_defconfig-2025.10
- nixpkgs-unstable x86_64_defconfig-2025.10
- nixos-unstable-small x86_64_defconfig-2025.10
nixos-25.11 x86_64_defconfig-2025.10
- nixos-25.11-small x86_64_defconfig-2025.10
- nixpkgs-25.11-darwin x86_64_defconfig-2025.10

pkgs.ubootQemuAarch64

Boot loader for embedded systems

nixos-unstable qemu_arm64_defconfig-2025.10
- nixpkgs-unstable qemu_arm64_defconfig-2025.10
- nixos-unstable-small qemu_arm64_defconfig-2025.10
nixos-25.11 qemu_arm64_defconfig-2025.10
- nixos-25.11-small qemu_arm64_defconfig-2025.10
- nixpkgs-25.11-darwin qemu_arm64_defconfig-2025.10

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0
nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python314Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1

pkgs.python312Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python313Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5
nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python314Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5

Package maintainers

@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
@oxalica oxalica <oxalicc@pm.me>
@DavHau David Hauer <d.hauer.it@gmail.com>
@devplayer0 Jack O'Sullivan <dev@nul.ie>
@alyssais Alyssa Ross <hi@alyssa.is>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@digitalrane Rane <rane+git@junkyard.systems>
@hehongbo Hongbo
@bartsch Daniel Martin <consume.noise@gmail.com>
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>

Untriaged

Permalink CVE-2015-5239

created 1 month, 4 weeks ago

Integer overflow in the VNC display driver in QEMU before …

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

References

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.h… x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.h… x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.h… x_transferredx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html x_transferredx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html x_transferredx_refsource_MISC
http://www.ubuntu.com/usn/USN-2745-1 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/09/02/7 x_transferredx_refsource_MISC
https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d x_refsource_CONFIRMx_transferred
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-s… x_transferredx_refsource_MISC

Affected products

QEMU

==before 2.1.0

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.canokey-qemu

CanoKey QEMU Virt Card

pkgs.ubootQemuX86

Boot loader for embedded systems

nixos-unstable x86_defconfig-2025.10
- nixpkgs-unstable x86_defconfig-2025.10
- nixos-unstable-small x86_defconfig-2025.10
nixos-25.11 x86_defconfig-2025.10
- nixos-25.11-small x86_defconfig-2025.10
- nixpkgs-25.11-darwin x86_defconfig-2025.10

pkgs.ubootQemuX86_64

Boot loader for embedded systems

nixos-unstable x86_64_defconfig-2025.10
- nixpkgs-unstable x86_64_defconfig-2025.10
- nixos-unstable-small x86_64_defconfig-2025.10
nixos-25.11 x86_64_defconfig-2025.10
- nixos-25.11-small x86_64_defconfig-2025.10
- nixpkgs-25.11-darwin x86_64_defconfig-2025.10

pkgs.ubootQemuAarch64

Boot loader for embedded systems

nixos-unstable qemu_arm64_defconfig-2025.10
- nixpkgs-unstable qemu_arm64_defconfig-2025.10
- nixos-unstable-small qemu_arm64_defconfig-2025.10
nixos-25.11 qemu_arm64_defconfig-2025.10
- nixos-25.11-small qemu_arm64_defconfig-2025.10
- nixpkgs-25.11-darwin qemu_arm64_defconfig-2025.10

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0
nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python314Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1

pkgs.python312Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python313Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5
nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python314Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5

Package maintainers

@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
@oxalica oxalica <oxalicc@pm.me>
@DavHau David Hauer <d.hauer.it@gmail.com>
@devplayer0 Jack O'Sullivan <dev@nul.ie>
@alyssais Alyssa Ross <hi@alyssa.is>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@digitalrane Rane <rane+git@junkyard.systems>
@hehongbo Hongbo
@bartsch Daniel Martin <consume.noise@gmail.com>
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>

Untriaged

Permalink CVE-2026-0665

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 month, 4 weeks ago

Qemu-kvm: heap off-by-one in kvm xen physdevop_map_pirq

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

References

https://access.redhat.com/security/cve/CVE-2026-0665 vdb-entryx_refsource_REDHAT
RHBZ#2428640 issue-trackingx_refsource_REDHAT

Affected products

qemu

=<10.2.0

rhcos

qemu-kvm

qemu-kvm-ma

virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.canokey-qemu

CanoKey QEMU Virt Card

pkgs.ubootQemuX86

Boot loader for embedded systems

nixos-unstable x86_defconfig-2025.10
- nixpkgs-unstable x86_defconfig-2025.10
- nixos-unstable-small x86_defconfig-2025.10
nixos-25.11 x86_defconfig-2025.10
- nixos-25.11-small x86_defconfig-2025.10
- nixpkgs-25.11-darwin x86_defconfig-2025.10

pkgs.ubootQemuX86_64

Boot loader for embedded systems

nixos-unstable x86_64_defconfig-2025.10
- nixpkgs-unstable x86_64_defconfig-2025.10
- nixos-unstable-small x86_64_defconfig-2025.10
nixos-25.11 x86_64_defconfig-2025.10
- nixos-25.11-small x86_64_defconfig-2025.10
- nixpkgs-25.11-darwin x86_64_defconfig-2025.10

pkgs.ubootQemuAarch64

Boot loader for embedded systems

nixos-unstable qemu_arm64_defconfig-2025.10
- nixpkgs-unstable qemu_arm64_defconfig-2025.10
- nixos-unstable-small qemu_arm64_defconfig-2025.10
nixos-25.11 qemu_arm64_defconfig-2025.10
- nixos-25.11-small qemu_arm64_defconfig-2025.10
- nixpkgs-25.11-darwin qemu_arm64_defconfig-2025.10

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0
nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python314Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1

pkgs.python312Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python313Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5
nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python314Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5

Package maintainers

@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
@oxalica oxalica <oxalicc@pm.me>
@DavHau David Hauer <d.hauer.it@gmail.com>
@devplayer0 Jack O'Sullivan <dev@nul.ie>
@alyssais Alyssa Ross <hi@alyssa.is>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@digitalrane Rane <rane+git@junkyard.systems>
@hehongbo Hongbo
@bartsch Daniel Martin <consume.noise@gmail.com>
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>

Untriaged

Permalink CVE-2025-14876

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 month, 4 weeks ago

Qemu-kvm: unbounded allocation in virtio-crypto

A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.

References

https://access.redhat.com/security/cve/CVE-2025-14876 vdb-entryx_refsource_REDHAT
RHBZ#2423549 issue-trackingx_refsource_REDHAT

Affected products

qemu

=<10.2.0

rhcos

qemu-kvm

qemu-kvm-ma

virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

nixos-unstable 10.2.0
- nixpkgs-unstable 10.2.0
- nixos-unstable-small 10.2.0
nixos-25.11 10.1.2
- nixos-25.11-small 10.1.2
- nixpkgs-25.11-darwin 10.1.2

pkgs.canokey-qemu

CanoKey QEMU Virt Card

pkgs.ubootQemuX86

Boot loader for embedded systems

nixos-unstable x86_defconfig-2025.10
- nixpkgs-unstable x86_defconfig-2025.10
- nixos-unstable-small x86_defconfig-2025.10
nixos-25.11 x86_defconfig-2025.10
- nixos-25.11-small x86_defconfig-2025.10
- nixpkgs-25.11-darwin x86_defconfig-2025.10

pkgs.ubootQemuX86_64

Boot loader for embedded systems

nixos-unstable x86_64_defconfig-2025.10
- nixpkgs-unstable x86_64_defconfig-2025.10
- nixos-unstable-small x86_64_defconfig-2025.10
nixos-25.11 x86_64_defconfig-2025.10
- nixos-25.11-small x86_64_defconfig-2025.10
- nixpkgs-25.11-darwin x86_64_defconfig-2025.10

pkgs.ubootQemuAarch64

Boot loader for embedded systems

nixos-unstable qemu_arm64_defconfig-2025.10
- nixpkgs-unstable qemu_arm64_defconfig-2025.10
- nixos-unstable-small qemu_arm64_defconfig-2025.10
nixos-25.11 qemu_arm64_defconfig-2025.10
- nixos-25.11-small qemu_arm64_defconfig-2025.10
- nixpkgs-25.11-darwin qemu_arm64_defconfig-2025.10

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0
nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1
nixos-25.11 0.6.1.0a1
- nixos-25.11-small 0.6.1.0a1
- nixpkgs-25.11-darwin 0.6.1.0a1

pkgs.python314Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1

pkgs.python312Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python313Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5
nixos-25.11 0.0.5
- nixos-25.11-small 0.0.5
- nixpkgs-25.11-darwin 0.0.5

pkgs.python314Packages.qemu-qmp

Asyncio library for communicating with QEMU Monitor Protocol (“QMP”) servers

nixos-unstable 0.0.5
- nixpkgs-unstable 0.0.5
- nixos-unstable-small 0.0.5

Package maintainers

@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
@oxalica oxalica <oxalicc@pm.me>
@DavHau David Hauer <d.hauer.it@gmail.com>
@devplayer0 Jack O'Sullivan <dev@nul.ie>
@alyssais Alyssa Ross <hi@alyssa.is>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@digitalrane Rane <rane+git@junkyard.systems>
@hehongbo Hongbo
@bartsch Daniel Martin <consume.noise@gmail.com>
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>

Untriaged

Permalink CVE-2024-4467

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 10 months, 3 weeks ago

Qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

References

RHSA-2024:4276 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:4277 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:4278 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:4372 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:4373 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:4374 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:4420 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:4724 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:4727 vendor-advisoryx_refsource_REDHATx_transferred
https://access.redhat.com/security/cve/CVE-2024-4467 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2278875 issue-trackingx_transferredx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2024/07/23/2 x_transferred
https://security.netapp.com/advisory/ntap-20240822-0005/

Affected products

qemu

<9.1.0

virt:av

*

qemu-kvm

*

virt:8.2

*

virt:rhel

*

qemu-kvm-ma

virt-devel:av

*

virt-devel:rhel

*

virt:av/qemu-kvm

virt:rhel/qemu-kvm

container-native-virtualization/virt-cdi-operator-rhel9

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

nixos-unstable 9.1.1
- nixpkgs-unstable 9.1.1
- nixos-unstable-small 9.1.1

pkgs.canokey-qemu

CanoKey QEMU Virt Card

nixos-unstable 0-unstable-2023-06-06
- nixpkgs-unstable 0-unstable-2023-06-06
- nixos-unstable-small 0-unstable-2023-06-06

pkgs.ubootQemuX86

Boot loader for embedded systems

nixos-unstable x86_defconfig-2024.10
- nixpkgs-unstable x86_defconfig-2024.10
- nixos-unstable-small x86_defconfig-2024.10

pkgs.ubootQemuX86_64

Boot loader for embedded systems

pkgs.ubootQemuAarch64

Boot loader for embedded systems

nixos-unstable qemu_arm64_defconfig-2024.10
- nixpkgs-unstable qemu_arm64_defconfig-2024.10
- nixos-unstable-small qemu_arm64_defconfig-2024.10

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

pkgs.python311Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1

pkgs.python312Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

nixos-unstable 0.6.1.0a1
- nixpkgs-unstable 0.6.1.0a1
- nixos-unstable-small 0.6.1.0a1

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers

@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
@oxalica oxalica <oxalicc@pm.me>
@devplayer0 Jack O'Sullivan <dev@nul.ie>
@DavHau David Hauer <d.hauer.it@gmail.com>
@alyssais Alyssa Ross <hi@alyssa.is>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
@hehongbo Hongbo
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
@bartsch Daniel Martin <consume.noise@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.qemu

pkgs.qemu_kvm

pkgs.qemu_xen

pkgs.qemu-user

pkgs.qemu_full

pkgs.qemu_test

pkgs.qemu-utils

pkgs.canokey-qemu

pkgs.ubootQemuX86

pkgs.ubootQemuX86_64

pkgs.ubootQemuAarch64

pkgs.qemu-python-utils

pkgs.armTrustedFirmwareQemu

pkgs.python312Packages.qemu

pkgs.python313Packages.qemu

pkgs.python314Packages.qemu

pkgs.python312Packages.qemu-qmp

pkgs.python313Packages.qemu-qmp

pkgs.python314Packages.qemu-qmp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.qemu

pkgs.qemu_kvm

pkgs.qemu_xen

pkgs.qemu-user

pkgs.qemu_full

pkgs.qemu_test

pkgs.qemu-utils

pkgs.canokey-qemu

pkgs.ubootQemuX86

pkgs.ubootQemuX86_64

pkgs.ubootQemuAarch64

pkgs.qemu-python-utils

pkgs.armTrustedFirmwareQemu

pkgs.python312Packages.qemu

pkgs.python313Packages.qemu

pkgs.python314Packages.qemu

pkgs.python312Packages.qemu-qmp

pkgs.python313Packages.qemu-qmp

pkgs.python314Packages.qemu-qmp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.qemu

pkgs.qemu_kvm

pkgs.qemu_xen

pkgs.qemu-user

pkgs.qemu_full

pkgs.qemu_test

pkgs.qemu-utils

pkgs.canokey-qemu

pkgs.ubootQemuX86

pkgs.ubootQemuX86_64

pkgs.ubootQemuAarch64

pkgs.qemu-python-utils

pkgs.armTrustedFirmwareQemu

pkgs.python312Packages.qemu

pkgs.python313Packages.qemu

pkgs.python314Packages.qemu

pkgs.python312Packages.qemu-qmp

pkgs.python313Packages.qemu-qmp

pkgs.python314Packages.qemu-qmp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.qemu

pkgs.qemu_kvm

pkgs.qemu_xen

pkgs.qemu-user

pkgs.qemu_full

pkgs.qemu_test

pkgs.qemu-utils