CVE-2020-25742 — NULL Pointer Dereference in Qemu

CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

3.2LOWNVD

EPSS

0.0%

top 86.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Msrc CM1 Qemu-kvm 4.2.0-21 ON CBL Mariner 1.0

Timeline

PublishedOct 6

Latest updateMay 24

Description

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:LExploitability: 1.5 | Impact: 1.4

Affected Packages3 packages

▶NVDqemu/qemu< 5.1.1

▶debiandebian/qemu

▶msrcmsrc/cm1_qemu-kvm_4.2.0-21_on_cbl_mariner_1.0

Patches

Patch: bugzilla.redhat.com ↗Patch: lists.nongnu.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-xxr9-8j75-c68c: pci_change_irq_level in hw/pci/pci↗2022-05-24

▶

OSV

CVE-2020-25742: pci_change_irq_level in hw/pci/pci↗2020-10-06

▶

📋Vendor Advisories

Microsoft

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.↗2020-10-13

▶

Red Hat

QEMU: scsi: lsi: null pointer dereference during memory move↗2020-06-24

▶

Debian

CVE-2020-25742: qemu - pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer der...↗2020

▶

💬Community

Bugzilla

CVE-2020-25742 QEMU: scsi: lsi: null pointer dereference during memory move↗2020-09-28

▶

Bugzilla

CVE-2020-25742 xen: QEMU: scsi: lsi: null pointer dereference during memory move [fedora-all]↗2020-09-28

▶

Bugzilla

CVE-2020-25742 qemu: scsi: lsi: null pointer dereference during memory move [fedora-all]↗2020-09-28

▶