CVE-2020-27821Out-of-bounds Write in Qemu

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow8 documents7 sources
Severity
6.0MEDIUMNVD
OSV3.8
EPSS
0.0%
top 89.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
QemuDebian QemuDebian Linux+1 more
Timeline
PublishedDec 8
Latest updateMay 24

Description

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages6 packages

NVDqemu/qemu< 5.2.0
debiandebian/qemu< qemu 1:5.2+dfsg-3 (bookworm)
Debianqemu/qemu< 1:5.2+dfsg-3+3
Ubuntuqemu/qemu< 1:2.5+dfsg-5ubuntu10.49+2
CVEListV5qemu/qemuprior to 5.2.0

Also affects: Debian Linux 10.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-7p47-wfc3-mcqv: A flaw was found in the memory management API of QEMU during the initialization of a memory region cache2022-05-24
OSV
qemu vulnerabilities2021-02-08
OSV
CVE-2020-27821: A flaw was found in the memory management API of QEMU during the initialization of a memory region cache2020-12-08

📋Vendor Advisories

4
Ubuntu
QEMU vulnerabilities2021-02-08
Microsoft
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMI2020-12-08
Red Hat
QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c2020-12-03
Debian
CVE-2020-27821: qemu - A flaw was found in the memory management API of QEMU during the initialization ...2020