Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-13800

Опубликовано: 03 июн. 2020
Источник: redhat
CVSS3: 2.5

Описание

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

An infinite recursion flaw was found in the ati-vga emulator of the QEMU. The issue occurs in ati_mm_read/write routines while accessing VGA registers, for certain values of the 'mm_index' variable. This flaw allows a guest user or process to crash the QEMU process, resulting in a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/qemu-kvmNot affected
Red Hat Enterprise Linux 9qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1843771QEMU: ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS

2.5 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-13800

CVSS3: 6
ubuntu
больше 5 лет назад

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

nvd логотип

CVE-2020-13800

CVSS3: 6
nvd
больше 5 лет назад

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

msrc логотип

CVE-2020-13800

CVSS3: 6
msrc
больше 5 лет назад

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

debian логотип

CVE-2020-13800

CVSS3: 6
debian
больше 5 лет назад

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...

github логотип

GHSA-xhj5-rvcv-cccg

CVSS3: 6
github
больше 3 лет назад

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

2.5 Low

CVSS3