Red Hat Enterprise Linux 7 update for qemu-kvm-ma



Published: 2020-09-30
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2020-14364
CWE ID CWE-787
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, big endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Advisory

This security advisory describes one medium risk vulnerability.

1) Out-of-bounds write

Risk: Medium

CVSSv3: 8.1 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14364

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error within the USB emulator in QEMU. A remote user with access to guest operating system on the guest operating system can send specially crafted USB packets, trigger out-of-bounds write and execute arbitrary code on the host system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

CPE External links

https://access.redhat.com/errata/RHSA-2020:4078

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.