Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-15469

Опубликовано: 17 июн. 2020
Источник: redhat
CVSS3: 2.3

Описание

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

A NULL pointer dereference flaw was found in various system emulators of QEMU that occurs while performing MMIO r/w operations when the respective handler function is not defined. This flaw allows a privileged guest user to invoke the MMIO operation to crash the QEMU process on the host, resulting in a denial of service.

Отчет

In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmFix deferred
Red Hat Enterprise Linux 7qemu-kvm-maFix deferred
Red Hat Enterprise Linux 7qemu-kvm-rhevFix deferred
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmFix deferred
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/qemu-kvmFix deferred
Red Hat Enterprise Linux 9qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevWill not fix
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1853154QEMU: MMIO ops null pointer dereference may lead to DoS

2.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-15469

CVSS3: 2.3
ubuntu
почти 5 лет назад

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

nvd логотип

CVE-2020-15469

CVSS3: 2.3
nvd
почти 5 лет назад

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

msrc логотип

CVE-2020-15469

CVSS3: 2.3
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-15469

CVSS3: 2.3
debian
почти 5 лет назад

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...

github логотип

GHSA-35fj-h53g-7cqv

CVSS3: 2.3
github
около 3 лет назад

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

2.3 Low

CVSS3