CVE-2020-11102 — Out-of-bounds Write in Qemu

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

5.6MEDIUMNVD

EPSS

0.4%

top 39.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Msrc CBL Mariner 1.0 ARM +2 more

Timeline

PublishedApr 6

Latest updateMay 24

Description

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages6 packages

▶debiandebian/qemu< qemu 1:4.2-4 (bookworm)

▶Debianqemu/qemu< 1:4.2-4+3

▶NVDqemu/qemu4.2.0

▶msrcmsrc/cm1_qemu-kvm_4.2.0-13_on_cbl_mariner_1.0

▶msrcmsrc/cbl_mariner_1.0_arm

🔴Vulnerability Details

GHSA

GHSA-c632-pw4c-82pg: hw/net/tulip↗2022-05-24

▶

OSV

CVE-2020-11102: hw/net/tulip↗2020-04-06

▶

📋Vendor Advisories

Microsoft

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.↗2020-04-14

▶

Red Hat

QEMU: tulip: OOB access in tulip_copy_tx_buffers↗2020-02-11

▶

Debian

CVE-2020-11102: qemu - hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx b...↗2020

▶

💬Community

Bugzilla

CVE-2020-11102 qemu: tulip: OOB access in tulip_copy_tx_buffers [fedora-rawhide]↗2020-04-07

▶

Bugzilla

CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers↗2020-04-06

▶