PT-2020-5627 · Qemu+6

Prasad J Pandit · Published 2019-12-10 · Updated 2024-11-08 · CVE-2020-13765

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: QEMU versions 4.0 through 4.1.0

Description: The issue is related to the rom_copy() function in hw/core/loader.c, which does not properly validate the relationship between two addresses. This allows attackers to trigger an invalid memory copy operation, potentially leading to a buffer overflow. Exploitation of this issue may enable a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations: For QEMU versions 4.0 through 4.1.0, consider disabling the rom_copy() function as a temporary workaround until a patch is available. Restrict access to the hw/core/loader.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3257
ALT-PU-2019-3286
BDU:2021-01327
CESA-2021_0347
CVE-2020-13765
DLA-2262-1
DLA-2288-1
DSA-4728-1
RHSA-2021:0347
RHSA-2021_0347
SUSE-SU-2021:1240-1
SUSE-SU-2021:1241-1
SUSE-SU-2021:1242-1
SUSE-SU-2021:1244-1
SUSE-SU-2021:1245-1
SUSE-SU-2021:1305-1
SUSE-SU-2021:14704-1
SUSE-SU-2021:14706-1
SUSE-SU-2021_14704-1
USN-4467-1
USN-4467-3
USN-7094-1

Affected Products

Alt Linux
Centos
Linuxmint
Qemu
Red Hat
Suse
Ubuntu