Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-11869

Опубликовано: 27 апр. 2020
Источник: debian

Описание

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:5.0-1package
qemunot-affectedbusterpackage
qemunot-affectedstretchpackage
qemunot-affectedjessiepackage

Примечания

  • Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7

  • https://www.openwall.com/lists/oss-security/2020/04/24/2

Связанные уязвимости

ubuntu логотип

CVE-2020-11869

CVSS3: 3.3
ubuntu
почти 6 лет назад

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.

redhat логотип

CVE-2020-11869

CVSS3: 2.8
redhat
почти 6 лет назад

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.

nvd логотип

CVE-2020-11869

CVSS3: 3.3
nvd
почти 6 лет назад

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.

msrc логотип

CVE-2020-11869

CVSS3: 3.3
msrc
больше 5 лет назад

Описание отсутствует

github логотип

GHSA-v28g-xr7w-fvp4

github
больше 3 лет назад

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.