CVE-2020-13765 — Out-of-bounds Write in Qemu

CWE-787 — Out-of-bounds Write11 documents8 sources

Severity

5.6MEDIUMNVD

OSV6.5OSV3.5

EPSS

0.4%

top 41.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Canonical Ubuntu Linux Debian Linux

Timeline

PublishedJun 4

Latest updateNov 8

Description

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages3 packages

▶Debianqemu/qemu< 1:4.2-1+3

▶Ubuntuqemu/qemu< 1:2.5+dfsg-5ubuntu10.45+8

▶NVDqemu/qemu4.0.0, 4.1.0+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 20.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

qemu vulnerabilities↗2024-11-08

▶

GHSA

GHSA-pf9q-2ff3-67r4: rom_copy() in hw/core/loader↗2022-05-24

▶

OSV

qemu vulnerabilities↗2020-08-19

▶

CVEList

CVE-2020-13765: rom_copy() in hw/core/loader↗2020-06-04

▶

OSV

CVE-2020-13765: rom_copy() in hw/core/loader↗2020-06-04

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2024-11-08

▶

Ubuntu

QEMU vulnerabilities↗2020-08-19

▶

Red Hat

QEMU: loader: OOB access while loading registered ROM may lead to code execution↗2020-05-12

▶

Debian

CVE-2020-13765: qemu - rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relat...↗2020

▶

💬Community

Bugzilla

CVE-2020-13765 QEMU: loader: OOB access while loading registered ROM may lead to code execution↗2020-06-02

▶