CVE-2020-13253: Out-of-bounds Read in Qemu

CWE-125: Out-of-bounds Read | 14 documents | 9 sources
Severity: 5.5 MEDIUM (NVD), 6.5 (OSV)
EPSS: 0.1% (top 69.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 27
Latest update: May 24

Description

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

Debian: qemu/qemu < 1:5.0-8 +3
Ubuntu: qemu/qemu < 1:2.5+dfsg-5ubuntu10.45 +3
NVD: qemu/qemu 5.0.1

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 18.04, 20.04

Patches

🔴 Vulnerability Details (5)

GHSA: GHSA-mpcr-cpf2-g7x3: sd_wp_addr in hw/sd/sd (2022-05-24)
OSV: qemu vulnerabilities (2021-02-02)
OSV: qemu vulnerabilities (2020-08-19)
CVEList: CVE-2020-13253: sd_wp_addr in hw/sd/sd (2020-05-27)
OSV: CVE-2020-13253: sd_wp_addr in hw/sd/sd (2020-05-27)

📋 Vendor Advisories (5)

Ubuntu: QEMU vulnerabilities (2021-02-02)
Ubuntu: QEMU vulnerabilities (2020-08-19)
Red Hat: QEMU: sd: OOB access could crash the guest resulting in DoS (2020-05-20)
Microsoft: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. (2020-05-12)
Debian: CVE-2020-13253: qemu - sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads ... (2020)

💬 Community (3)

Bugzilla: CVE-2020-13253 xen: QEMU: sd: OOB access could crash the guest resulting in DoS [fedora-all] (2020-05-21)
Bugzilla: CVE-2020-13253 qemu: sd: OOB access could crash the guest resulting in DoS [fedora-all] (2020-05-21)
Bugzilla: CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in DoS (2020-05-21)
CVE-2020-13253 — Out-of-bounds Read in Qemu | cvebase