CVE-2020-15859
QEMU: net: e1000e: use-after-free while sending packets
Severity Score
3.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
QEMU versión 4.2.0, presenta un uso de la memoria previamente liberada en el archivo hw/net/e1000e_core.c porque un usuario del Sistema Operativo invitado puede activar un paquete e1000e con la dirección de datos establecida en la dirección MMIO del e1000e
A use-after-free flaw was found in the INTEL 82574 NIC (e1000e) emulator of the QEMU. The issue happens while sending packets if the guest user has set the packet data address to the e1000e's MMIO address. This flaw allows a guest user or process to crash the QEMU process on the host, resulting in a denial of service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-07-20 CVE Reserved
- 2020-07-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/qemu/+bug/1886362 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html | 2022-09-23 | |
| https://www.openwall.com/lists/oss-security/2020/07/21/3 | 2022-09-23 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202208-27 | 2022-09-23 | |
| https://access.redhat.com/security/cve/CVE-2020-15859 | 2021-11-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1859168 | 2021-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 4.2.0 Search vendor "Qemu" for product "Qemu" and version "4.2.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||