Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-11947

Опубликовано: 20 апр. 2020
Источник: redhat
CVSS3: 3.8

Описание

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of-bounds read access and possible information disclosure from the QEMU process memory to a malicious guest. The highest threat from this vulnerability is to data confidentiality.

Отчет

This flaw has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmOut of support scope
Red Hat Enterprise Linux 6qemu-kvmOut of support scope
Red Hat Enterprise Linux 7qemu-kvmOut of support scope
Red Hat Enterprise Linux 7qemu-kvm-maOut of support scope
Red Hat Enterprise Linux 7qemu-kvm-rhevOut of support scope
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/qemu-kvmAffected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.3/qemu-kvmNot affected
Red Hat Enterprise Linux 9qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevOut of support scope
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-131->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1912765QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure

3.8 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-11947

CVSS3: 3.8
ubuntu
больше 4 лет назад

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

nvd логотип

CVE-2020-11947

CVSS3: 3.8
nvd
больше 4 лет назад

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

debian логотип

CVE-2020-11947

CVSS3: 3.8
debian
больше 4 лет назад

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buf ...

github логотип

GHSA-m8w3-4mqx-j486

github
около 3 лет назад

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

fstec логотип

BDU:2021-05171

CVSS3: 3.8
fstec
больше 4 лет назад

Уязвимость компонента block/iscsi.c эмулятора аппаратного обеспечения QEMU, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным

3.8 Low

CVSS3