CVE-2020-12829

Published: 31/08/2020 Updated: 14/12/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 3.8 | Impact Score: 1.4 | Exploitability Score: 2
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In QEMU up to and including 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.

Vulnerable Product

qemu qemu

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #961451: CVE-2020-12829
Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 24 May 2020 17:33:03 UTC
Severity: normal
Tags: security, upstream
Found in version qemu/1:5.0-5 Re ...

Multiple security issues were discovered in QEMU, a fast processor emulator:
CVE-2020-12829: An integer overflow in the sm501 display device may result in denial of service
CVE-2020-14364: An out-of-bounds write in the USB emulation code may result in guest-to-host code execution
CVE-2020-15863: A buffer overflow in the XGMAC net ...