CVE-2020-13754

Published: 01 Jun 2020
Source: redhat
CVSS3: 5
EPSS: Low

Description

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

An out-of-bounds access flaw was found in the Message Signalled Interrupt (MSI-X) device support of QEMU. This issue occurs while performing MSI-X mmio operations when a guest-sent address goes beyond the mmio region. A guest user or process may use this flaw to crash the QEMU process, resulting in a denial of service.

Report

In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | | |
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Will not fix | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Will not fix | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/qemu-kvm | Affected | | |
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | qemu-kvm-rhev | Will not fix | | |
| Advanced Virtualization for RHEL 8.2.1 | virt | Fixed | RHSA-2021:2521 | 22.06.2021 |

Additional information

Status: Moderate
Defect: CWE-125->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1842363 QEMU: msix: OOB access during mmio operations may lead to DoS

EPSS

Percentile: 6%
0.00026
Low

5 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.7
ubuntu
about 5 years ago

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

CVSS3: 6.7
nvd
about 5 years ago

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

CVSS3: 6.7
msrc
almost 5 years ago

No description available

CVSS3: 6.7
debian
about 5 years ago

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...

github
about 3 years ago

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
