CVE-2020-13659NULL Pointer Dereference in Qemu

CWE-476NULL Pointer Dereference13 documents9 sources
Severity
2.5LOWNVD
OSV6.5OSV5.5
EPSS
0.0%
top 89.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
QemuCanonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedJun 2
Latest updateMay 24

Description

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:LExploitability: 0.8 | Impact: 1.4

Affected Packages4 packages

Debianqemu/qemu< 1:5.0-6+3
Ubuntuqemu/qemu< 1:2.5+dfsg-5ubuntu10.45+3
NVDqemu/qemu4.2.0
NVDopensuse/leap15.2

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 18.04, 20.04

Patches

Patch: www.openwall.comPatch: lists.gnu.orgPatch: www.openwall.com

🔴Vulnerability Details

5
GHSA
GHSA-3cvr-q9wg-jwqw: address_space_map in exec2022-05-24
OSV
qemu vulnerabilities2021-02-02
OSV
qemu vulnerabilities2020-08-19
CVEList
CVE-2020-13659: address_space_map in exec2020-06-02
OSV
CVE-2020-13659: address_space_map in exec2020-06-02

📋Vendor Advisories

5
Ubuntu
QEMU vulnerabilities2021-02-02
Ubuntu
QEMU vulnerabilities2020-08-19
Microsoft
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.2020-06-09
Red Hat
QEMU: exec: address_space_map returns NULL without setting length to zero may lead to DoS2020-05-14
Debian
CVE-2020-13659: qemu - address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference...2020

💬Community

2
Bugzilla
CVE-2020-13659 qemu: exec: address_space_map returns NULL without setting length to zero may lead to DoS [fedora-all]2020-06-01
Bugzilla
CVE-2020-13659 QEMU: exec: address_space_map returns NULL without setting length to zero may lead to DoS2020-06-01
CVE-2020-13659 — NULL Pointer Dereference in Qemu | cvebase