Denial of service in QEMU



Published: 2020-09-07
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2020-12829
CWE-ID: CWE-190
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: QEMU (Client/Desktop applications / Virtualization software)

Vendor: QEMU

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU46318

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-12829

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the SM501 display driver implementation. The flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local user could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
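The bug class described above (CWE-190 in the bounds arithmetic of a 2D copy whose operands come from guest-written registers), as an added illustration: this is not QEMU's sm501.c code or the upstream fix, and `struct copy_req`, `rect_ok_wrapping()` and `rect_ok_checked()` are hypothetical names. It contrasts a 32-bit end-offset check that can wrap with one that detects overflow before comparing against the buffer size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request: each field models a guest-written register value. */
struct copy_req {
    uint32_t x, y;           /* top-left corner, in pixels */
    uint32_t width, height;  /* rectangle size, in pixels */
    uint32_t pitch;          /* pixels per scanline */
    uint32_t bpp;            /* bytes per pixel */
};

/* Flawed pattern: the end offset is computed in 32 bits and can wrap,
 * so an out-of-range rectangle can compare as inside the buffer. */
static bool rect_ok_wrapping(const struct copy_req *r, uint32_t vram_size)
{
    uint32_t end = ((r->y + r->height - 1) * r->pitch + r->x + r->width) * r->bpp;
    return end <= vram_size;
}

/* Hardened pattern: reject degenerate sizes, then detect overflow at each
 * step (GCC/Clang builtins) before comparing against the buffer size. */
static bool rect_ok_checked(const struct copy_req *r, uint32_t vram_size)
{
    uint64_t row_end = (uint64_t)r->x + r->width, end;

    if (r->width == 0 || r->height == 0 || r->bpp == 0 || row_end > r->pitch) {
        return false;
    }
    if (__builtin_mul_overflow((uint64_t)r->y + r->height - 1, (uint64_t)r->pitch, &end) ||
        __builtin_add_overflow(end, row_end, &end) ||
        __builtin_mul_overflow(end, (uint64_t)r->bpp, &end)) {
        return false;
    }
    return end <= vram_size;
}

int main(void)
{
    /* Constructed values: 0x10000 rows * 0x10000 pitch wraps to 0 in 32 bits. */
    struct copy_req wrap = { 0, 0, 16, 0x10001, 0x10000, 1 };
    uint32_t vram = 8u << 20; /* constructed 8 MiB buffer size */

    printf("wrapping check accepts: %d\n", rect_ok_wrapping(&wrap, vram));
    printf("checked  check accepts: %d\n", rect_ok_checked(&wrap, vram));
    return 0;
}
```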

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

QEMU: 4.0.0 - 5.0.0


External links

http://bugzilla.redhat.com/show_bug.cgi?id=1808510
http://usn.ubuntu.com/4467-1/
