CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-17380
https://notcve.org/view.php?id=CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. Se encontró un desbordamiento del búfer en la región heap de la memoria en QEMU versiones hasta 5.0.0, en el soporte de emulación de dispositivo SDHCI. Podría ocurrir mientras se realiza una transferencia SDMA de bloques múltiples por medio de la rutina sdhci_sdma_transfer_multi_blocks() en el archivo hw/sd/sdhci.c. • http://www.openwall.com/lists/oss-security/2021/03/09/1 https://bugzilla.redhat.com/show_bug.cgi?id=1862167 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html https://security.netapp.com/advisory/ntap-20210312-0003 • CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25723 – QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
https://notcve.org/view.php?id=CVE-2020-25723
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de aserción alcanzable en el código de emulación USB EHCI de QEMU. Podría ocurrir mientras se procesan las peticiones USB debido a una falta de manejo del fallo del mapa de memoria DMA. • http://www.openwall.com/lists/oss-security/2020/12/22/1 https://bugzilla.redhat.com/show_bug.cgi?id=1898579 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20201218-0004 https://access.redhat.com/security/cve/CVE-2020-25723 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-24352
https://notcve.org/view.php?id=CVE-2020-24352
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se detectó un problema en QEMU versiones hasta 5.1.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1847584 https://git.qemu.org/?p=qemu.git https://security.netapp.com/advisory/ntap-20201123-0003 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25742
https://notcve.org/view.php?id=CVE-2020-25742
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. La función pci_change_irq_level en el archivo hw/pci/pci.c en QEMU versiones anteriores a 5.1.1, presenta una desreferencia de puntero NULL porque la función pci_get_bus() podría no devolver un puntero válido • http://www.openwall.com/lists/oss-security/2020/09/29/1 https://bugzilla.redhat.com/show_bug.cgi?id=1883178 https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1 • CWE-476: NULL Pointer Dereference •
CVSS: 3.2EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25743
https://notcve.org/view.php?id=CVE-2020-25743
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. El archivo hw/ide/pci.c en QEMU versiones anteriores a 5.1.1, puede desencadenar una desreferencia del puntero NULL porque carece de una comprobación de puntero antes de una llamada de ide_cancel_dma_sync • http://www.openwall.com/lists/oss-security/2020/09/29/1 https://bugzilla.redhat.com/show_bug.cgi?id=1881409 https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05967.html https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b • CWE-476: NULL Pointer Dereference •