PT-2023-4687 · Qemu+2 · Qemu+2

Yifan Lu

Publicado

2023-08-28

Atualizado

2024-08-04

CVE-2020-24165

CVSS v3.1

8.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU version 4.2.0

Description An issue was discovered in the TCG Accelerator component of QEMU, related to the use of memory after it has been freed. This issue allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note that this is disputed as a bug and not a valid security issue by multiple third parties.

Recommendations For QEMU version 4.2.0, at the moment, there is no information about a newer version that contains a fix for this issue.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

BDU:2023-05104

CVE-2020-24165

DLA-3604-1

OESA-2023-1654

OESA-2023-1655

USN-6567-1

USN-6567-2

Produtos afetados

Linuxmint

Qemu

Ubuntu

PT-2023-4687 · Qemu+2 · Qemu+2

CVE-2020-24165

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 80