PT-2020-6465 · Qemu+3 · Qemu+3

Ziming Zhang

·

Published

2020-05-02

·

Updated

2021-06-10

·

CVE-2020-14415

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions QEMU versions prior to 5.0.0
Description The issue is related to the oss write component in the QEMU emulator, which mishandles a buffer position and lacks a check for division by zero. This can potentially allow an attacker to cause a denial of service.
Recommendations For versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the oss write function in the audio/ossaudio.c file to minimize the risk of exploitation.

Fix

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

ALT-PU-2020-1912
ALT-PU-2021-1880
ALT-PU-2021-1964
BDU:2021-05169
CVE-2020-14415
USN-4467-1
USN-4467-3

Affected Products

Alt Linux
Linuxmint
Qemu
Ubuntu