CVE-2020-1711
published 2020-02-11CVE-2020-1711: An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an…
medium6CVSS 3.1
AVNACHPRLUINSCCLILAL
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | qemu | < qemu 1:4.2-2 (bookworm) | qemu 1:4.2-2 (bookworm) |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_qemu-kvm_4.2.0-13_on_cbl_mariner_1.0 | — | — |
| opensuse | leap | — | — |
| qemu | qemu | >= 0 < 1:4.2-2 | 1:4.2-2 |
| qemu | qemu | >= 0 < 1:4.2-2 | 1:4.2-2 |
| qemu | qemu | >= 0 < 1:4.2-2 | 1:4.2-2 |
| qemu | qemu | >= 0 < 1:4.2-2 | 1:4.2-2 |
| qemu | qemu | >= 0 < 1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
| qemu | qemu | >= 0 < 1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
| qemu | qemu | >= 2.12.0 < 4.2.1 | 4.2.1 |
| red_hat | qemu | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvdv3.16.0MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
osv6.0MEDIUM