CVE-2020-29443 — Out-of-bounds Read in Qemu

CWE-125 — Out-of-bounds Read9 documents6 sources

Severity

3.9LOWNVD

OSV3.8OSV2.3

EPSS

0.1%

top 77.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedJan 26

Latest updateMay 24

Description

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:LExploitability: 0.8 | Impact: 2.7

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:5.2+dfsg-11 (bookworm)

▶Debianqemu/qemu< 1:5.2+dfsg-11+3

▶Ubuntuqemu/qemu< 1:2.5+dfsg-5ubuntu10.49+4

▶NVDqemu/qemu5.1.0

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: www.openwall.com ↗Patch: lists.nongnu.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-3q92-j8r6-g6h8: ide_atapi_cmd_reply_end in hw/ide/atapi↗2022-05-24

▶

OSV

qemu vulnerabilities↗2021-07-15

▶

OSV

qemu vulnerabilities↗2021-02-08

▶

OSV

CVE-2020-29443: ide_atapi_cmd_reply_end in hw/ide/atapi↗2021-01-26

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2021-07-15

▶

Ubuntu

QEMU vulnerabilities↗2021-02-08

▶

Red Hat

QEMU: ide: atapi: OOB access while processing read commands↗2020-11-18

▶

Debian

CVE-2020-29443: qemu - ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds rea...↗2020

▶