PT-2020-6200 · Qemu+4 · Qemu+4

Hanqing Zhao

Published

2020-05-28

Updated

2024-06-15

CVE-2020-13361

CVSS v3.1

3.9

Low

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions QEMU versions 4.2.0 through 5.0.0

Description The issue is related to a buffer data boundary operation overflow. It allows an attacker to compromise data integrity and cause a denial of service. The problem lies in the es1370 transfer audio function in hw/audio/es1370.c, which does not properly validate the frame count. This allows guest OS users to trigger an out-of-bounds access during an es1370 write() operation.

Recommendations For QEMU versions 4.2.0 through 5.0.0, consider disabling the es1370 transfer audio function until a patch is available to prevent out-of-bounds access during es1370 write() operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-2431

ALT-PU-2020-2595

ALT-PU-2021-1880

ALT-PU-2021-1964

BDU:2021-03539

CVE-2020-13361

DLA-2262-1

DLA-2288-1

DSA-4728-1

OPENSUSE-SU-2020:1108-1

OPENSUSE-SU-2020_1108-1

OPENSUSE-SU-2024:11287-1

SUSE-SU-2020:2015-1

SUSE-SU-2020:2743-1

SUSE-SU-2020_2743-1

SUSE-SU-2021:1240-1

SUSE-SU-2021:1241-1

SUSE-SU-2021:1244-1

SUSE-SU-2021:1245-1

SUSE-SU-2021:1305-1

SUSE-SU-2021:14704-1

SUSE-SU-2021:14706-1

SUSE-SU-2021_14704-1

USN-4467-1

USN-4467-2

USN-4467-3

Affected Products

Alt Linux

Linuxmint

Qemu

Suse

Ubuntu

PT-2020-6200 · Qemu+4 · Qemu+4

CVE-2020-13361

Weakness Enumeration

Related Identifiers

Affected Products

References · 259