Published: 04/06/2020 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.6 | Impact Score: 3.4 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows malicious users to trigger an invalid memory copy operation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu 4.0.0
qemu qemu 4.1.0
canonical ubuntu linux 18.04
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
debian debian linux 8.0
debian debian linux 9.0

Synopsis Moderate: qemu-kvm security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...

An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time This flaw occurs in the rom_copy() routine while loading the contents of a 32-bit -kernel image into memory Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially leading to code execution with the privileges of the ...

CWE-787 https://www.openwall.com/lists/oss-security/2020/06/03/6 https://security.netapp.com/advisory/ntap-20200619-0006/https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://usn.ubuntu.com/4467-1/https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319 https://access.redhat.com/errata/RHSA-2021:0347 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2021-1617.html

CVE-2020-13765

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect