CVE-2020-13800 — Uncontrolled Recursion in Qemu

CWE-674 — Uncontrolled Recursion CWE-835 — Infinite Loop11 documents9 sources

Severity

6.0MEDIUMNVD

OSV6.5

EPSS

0.1%

top 71.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Canonical Ubuntu Linux Opensuse Leap

Timeline

PublishedJun 4

Latest updateMay 24

Description

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages4 packages

▶Debianqemu/qemu< 1:5.0-6+3

▶Ubuntuqemu/qemu< 1:2.5+dfsg-5ubuntu10.45+2

▶NVDqemu/qemu4.2.0

▶NVDopensuse/leap15.2

Also affects: Ubuntu Linux 16.04, 18.04, 20.04

🔴Vulnerability Details

GHSA

GHSA-xhj5-rvcv-cccg: ati-vga in hw/display/ati↗2022-05-24

▶

OSV

qemu vulnerabilities↗2020-08-19

▶

OSV

CVE-2020-13800: ati-vga in hw/display/ati↗2020-06-04

▶

CVEList

CVE-2020-13800: ati-vga in hw/display/ati↗2020-06-04

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2020-08-19

▶

Microsoft

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.↗2020-06-09

▶

Red Hat

QEMU: ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS↗2020-06-03

▶

Debian

CVE-2020-13800: qemu - ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infin...↗2020

▶

💬Community

Bugzilla

CVE-2020-13800 qemu: ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS [fedora-all]↗2020-06-04

▶

Bugzilla

CVE-2020-13800 QEMU: ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS↗2020-06-04

▶