Denial of service in QEMU



Published: 2020-09-07
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-12829
CWE-ID CWE-190
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
QEMU
Client/Desktop applications / Virtualization software

Vendor QEMU

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU46318

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12829

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A remote user could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QEMU: 4.0.0 - 5.0.0

External links

http://bugzilla.redhat.com/show_bug.cgi?id=1808510
http://usn.ubuntu.com/4467-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###