Main Vulnerability Database Vulnerabilities #VU45985

#VU45985 Out-of-bounds write in QEMU - CVE-2020-14364

Published: August 24, 2020 / Updated: August 15, 2021

Vulnerability identifier: #VU45985

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2020-14364

CWE-ID: CWE-787

Exploitation vector: Adjecent network

Exploit availability: Public exploit is available

Vulnerable software:
QEMU

Software vendor:
QEMU

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error within the USB emulator in QEMU. A remote user with access to guest operating system on the guest operating system can send specially crafted USB packets, trigger out-of-bounds write and execute arbitrary code on the host system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

http://seclists.org/oss-sec/2020/q3/133
https://xenbits.xen.org/xsa/advisory-335.html