#VU25510 Heap-based buffer overflow in QEMU


Published: 2020-02-21

Vulnerability identifier: #VU25510

Vulnerability risk: Medium

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1711

CWE-ID: CWE-122

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary error in the way the iSCSI Block driver handles a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an "iscsi_co_block_status()" routine. A remote authenticated attacker can trigger heap-based buffer overflow and cause a denial of service condition or potentially execute arbitrary code with privileges of the QEMU process on the host.


Mitigation
Install updates from vendor's website.

Vulnerable software versions

QEMU: 2.12.0 - 4.2.0

External links
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711
http://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
http://www.openwall.com/lists/oss-security/2020/01/23/3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for QEMU
Arch Linux update for qemu
Red Hat Enterprise Linux 7 update for qemu-kvm-ma
OpenSUSE Linux update for qemu
Red Hat Enterprise Linux 7.7 Extended Update Support update for qemu-kvm-ma
Red Hat OpenStack Platform 13 update for qemu-kvm-rhev
Red Hat OpenStack Platform 10 update for qemu-kvm-rhev
Red Hat Enterprise Linux 7 update for qemu-kvm-ma
Red Hat Enterprise Linux 7 update for qemu-kvm-ma
Red Hat Virtualization 4 update for qemu-kvm-rhev