Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-13765

Опубликовано: 12 мая 2020
Источник: redhat
CVSS3: 5.6
EPSS Низкий

Описание

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the rom_copy() routine while loading the contents of a 32-bit -kernel image into memory. Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially leading to code execution with the privileges of the QEMU process.

Отчет

In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 6qemu-kvmWill not fix
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevOut of support scope
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux 7qemu-kvmFixedRHSA-2021:034702.02.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1842912QEMU: loader: OOB access while loading registered ROM may lead to code execution

EPSS

Процентиль: 73%
0.00784
Низкий

5.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-13765

CVSS3: 5.6
ubuntu
около 5 лет назад

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

nvd логотип

CVE-2020-13765

CVSS3: 5.6
nvd
около 5 лет назад

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

debian логотип

CVE-2020-13765

CVSS3: 5.6
debian
около 5 лет назад

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate ...

github логотип

GHSA-pf9q-2ff3-67r4

CVSS3: 5.6
github
около 3 лет назад

rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

fstec логотип

BDU:2021-01327

CVSS3: 7.3
fstec
около 5 лет назад

Уязвимость функции rom_copy из hw/core/loader.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 73%
0.00784
Низкий

5.6 Medium

CVSS3