CVE-2020-14364

Published: 31/08/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 5 | Impact Score: 3.7 | Exploitability Score: 0.8
VMScore: 394
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions prior to 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

Vulnerable Product

qemu qemu

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat openstack 10

redhat enterprise linux 8.0

redhat openstack 13

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.2

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #968947: qemu: CVE-2020-14364: usb: out-of-bounds r/w access issue. Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 24 Aug 2020 12:51:02 UTC; Severity: important; Tags: securi ...
Multiple security issues were discovered in QEMU, a fast processor emulator: CVE-2020-12829: An integer overflow in the sm501 display device may result in denial of service. CVE-2020-14364: An out-of-bounds write in the USB emulation code may result in guest-to-host code execution. CVE-2020-15863: A buffer overflow in the XGMAC net ...
A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection, resulting in a memory leak. An attacker able to connect to ...
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (CVE-2018-15746). A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine whi ...
Synopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise ...
Synopsis: Important: redhat-release-virtualization-host and redhat-virtualization-host security update. Type/Severity: Security Advisory: Important. Topic: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 ...
Synopsis: Important: qemu-kvm-ma security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis: Important: qemu-kvm-ma security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis: Important: virt:8.2 and virt-devel:8.2 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security i ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: qemu-kvm-ma security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: virt:8.1 and virt-devel:8.1 security update. Type/Severity: Security Advisory: Important. Topic: An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.1. Red Hat Product Security has rated this update as having a security impact of Imp ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP ...
Synopsis: Important: virt:rhel security update. Type/Severity: Security Advisory: Important. Topic: An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis: Important: virt:rhel security update. Type/Severity: Security Advisory: Important. Topic: An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: virt:rhel security update. Type/Severity: Security Advisory: Important. Topic: An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of s ...
Description of Problem: Two issues have been identified in Citrix Hypervisor that may, in certain configurations, allow privileged code in an HVM guest VM to execute code in the control domain, potentially compromising the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix Hypervisor 8 ...

Mailing Lists

oss-sec mailing list archives: CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets ...

Github Repositories

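In my studies from now on I will record the time I spend on virtualization each day; the picture below is to encourage myself, and I hope I can catch up with others. Written on 20201214. Virtualization: 32 hours. Study: 64 hours. Learning_Record Week 1 ( 2020629 - 202075 ): STL (1): finish STL vector, catch up on C++, Nanjing University computer fundamentals. Week 2 ( 2020706 - 2020712 ): STL (2): finish STL list tr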

CVE-2020-14364 my ring0 exploit

Record my study process

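skr-lab Record my study progress. Stage 1: Computer basic, 1-3 weeks: mystl, 1-2 weeks, 514-528. In weeks 1-2 I mainly studied C++. Since I had no C++ background, I started with C++ Primer, but because Primer contains too many scattered details, I am still unfamiliar with many C++ features. What I gained: a preliminary grasp of templates and generic programming; some features of classes in object-oriented programming: class construction,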

qemu vulnerability.

Real World produce CVE-2019-6788 (about slirp handle TCP/IP heap overflow) CVE-2020-14364 (USB core out of bounds read and write) TianfuCup2020-QEMU-Error-Handling-Bug (nvme device uninitialized variable and uninitialized free) vitio-260 (null pointer reference) vga-260 (out of bounds read and write) pcnet-220 (out of bounds read and write) Document Device Specific

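vnctf2024 escape_langlang_mountain2 wp. Preface: I really could not come up with new ideas for userland challenges, and last year's VNCTF had a QEMU escape, so this year continues with it; I also happen to have reproduced some QEMU CVEs myself. In past QEMU escape challenges, the approach of forging a QEMUTimer structure to hijack control flow seems to have been used rarely; I have only come across it in hfdev from hfctf2022 and ExecChrome from qwb2019, but they both ...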