CVE-2020-11869: Integer Overflow or Wraparound in Qemu

Severity
NVD: 3.3 LOW
OSV: 5.8
EPSS: 0.1% (top 74.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 27
Latest update: May 24

Description

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.8 | Impact: 1.4

Affected Packages (7 packages)

debian: debian/qemu < qemu 1:5.0-1 (bookworm)
Debian: qemu/qemu < 1:5.0-1 (+3)
Ubuntu: qemu/qemu < 1:2.5+dfsg-5ubuntu10.44 (+2)
NVD: qemu/qemu 4.0.1 - 4.2.0

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-v28g-xr7w-fvp4: An integer overflow was found in QEMU 4 (2022-05-24)
OSV
qemu vulnerabilities (2020-05-21)
OSV
CVE-2020-11869: An integer overflow was found in QEMU 4 (2020-04-27)

📋 Vendor Advisories (4)

Ubuntu
QEMU vulnerabilities (2020-05-21)
Microsoft
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write ope (2020-04-14)
Red Hat
qemu: integer overflow in ati_2d_blt() in hw/display/ati-2d.c could lead to DoS (2020-04-07)
Debian
CVE-2020-11869: qemu - An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemen... (2020)

💬 Community (2)

Bugzilla
CVE-2020-11869 qemu: integer overflow in ati_2d_blt() in hw/display/ati-2d.c could lead to DoS [fedora-all] (2020-06-16)
Bugzilla
CVE-2020-11869 qemu: integer overflow in ati_2d_blt() in hw/display/ati-2d.c could lead to DoS (2020-03-04)