Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2020-12829 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 |
CWE-ID | CWE-190 CWE-787 CWE-121 CWE-617 |
Exploitation vector | Local network |
Public exploit | Public exploit code for vulnerability #2 is available. |
Vulnerable software Subscribe |
qemu (Debian package) Operating systems & Components / Operating system package or component |
Vendor | Debian |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU46318
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12829
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A remote user could abuse this flaw to crash the QEMU process in
sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a
denial of service.
Update qemu package to version 1:3.1+dfsg-8+deb10u8.
Vulnerable software versionsqemu (Debian package): 1:3.1+dfsg-8+deb10u2 - 3.1+dfsg-8+deb10u7
External linkshttp://www.debian.org/security/2020/dsa-4760
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45985
Risk: Medium
CVSSv3.1: 8.5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2020-14364
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a boundary error within the USB emulator in QEMU. A remote user with access to guest operating system on the guest operating system can send specially crafted USB packets, trigger out-of-bounds write and execute arbitrary code on the host system.
MitigationUpdate qemu package to version 1:3.1+dfsg-8+deb10u8.
Vulnerable software versionsqemu (Debian package): 1:3.1+dfsg-8+deb10u2 - 3.1+dfsg-8+deb10u7
External linkshttp://www.debian.org/security/2020/dsa-4760
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU31799
Risk: Medium
CVSSv3.1: 8.2 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-15863
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system with elevated privileges.
The vulnerability exists due to a boundary error when processing packets in xgmac_enet_send() in hw/net/xgmac.c. A local user on the guest operating system can send a specially crafted request to the application, trigger stack-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
MitigationUpdate qemu package to version 1:3.1+dfsg-8+deb10u8.
Vulnerable software versionsqemu (Debian package): 1:3.1+dfsg-8+deb10u2 - 3.1+dfsg-8+deb10u7
External linkshttp://www.debian.org/security/2020/dsa-4760
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU44163
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-16092
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when processing certain network packets on "e1000e" and "vmxnet3" devices in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c. A remote attacker on a guest operating system can send a specially crafted packet that will result in hypervisor crash.
Update qemu package to version 1:3.1+dfsg-8+deb10u8.
Vulnerable software versionsqemu (Debian package): 1:3.1+dfsg-8+deb10u2 - 3.1+dfsg-8+deb10u7
External linkshttp://www.debian.org/security/2020/dsa-4760
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.