Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2020-1983

Published: 22/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libslirp

Vulnerability Summary

It exists that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. (CVE-2019-15034)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libslirp project libslirp

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 8.0

debian debian linux 9.0

opensuse leap 15.1

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

Vendor Advisories

Ubuntu Security Notice: qemu vulnerabilities
Several security issues were fixed in QEMU ...
Debian Security Advisories: DSA-4665-1 qemu -- security update
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code For the stable distribution (buster), these problems have been fixed in version 1:31+dfsg-8+deb10u5 We recommend that you upgrade your qemu packages For the detailed security status of qemu plea ...
Red Hat: Moderate: qemu-kvm-rhev security update
Synopsis Moderate: qemu-kvm-rhev security update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 43Red Hat Product Security has rated this update as having a security ...
Red Hat: Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Synopsis Moderate: container-tools:rhel8 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Mode ...
Red Hat: Moderate: qemu-kvm-ma security update
Synopsis Moderate: qemu-kvm-ma security update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...
Red Hat: Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Synopsis Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a securi ...
Red Hat: Important: qemu-kvm security update
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Red Hat: Important: virt:8.1 and virt-devel:8.1 security update
Synopsis Important: virt:81 and virt-devel:81 security update Type/Severity Security Advisory: Important Topic An update for the virt:81 and virt-devel:81 modules is now available for Advanced Virtualization for RHEL 811Red Hat Product Security has rated this update as having a security impact of Imp ...
Amazon Linux 2: ALAS2-2020-1485
A use after free vulnerability in ip_reass() in ip_inputc of libslirp 420 and prior releases allows crafted packets to cause a denial of service A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose comb ...
Amazon Linux AMI: ALAS-2020-1449
qemu-seccompc in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (CVE-2018-15746) A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator This flaw occurs in the ip_reass() routine whi ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-1110 qemu 420-2 500-1 High Fixed ...

References

CWE-416https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04https://www.debian.org/security/2020/dsa-4665http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.htmlhttps://usn.ubuntu.com/4372-1/http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2020/06/msg00032.htmlhttps://lists.debian.org/debian-lts-announce/2020/07/msg00020.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWFD4MWV3YWIHVHSA2F7FKOLJFL4PHOX/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKT2MTSINE4NUPG5L6BYH6N23NBNITOL/https://usn.ubuntu.com/4372-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook