CVE-2020-11947

CVSS v3.1

6.4

Medium

Vector

AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU version 4.1.0

Description The issue is related to a heap-based buffer over-read in the iscsi aio ioctl cb function in the block/iscsi.c file. This may disclose unrelated information from process memory to an attacker. The vulnerability is associated with reading beyond the valid boundaries of a data buffer.

Recommendations For QEMU version 4.1.0, consider disabling the iscsi aio ioctl cb function as a temporary workaround until a patch is available. Restrict access to the block/iscsi.c module to minimize the risk of exploitation. Avoid using the vulnerable iscsi aio ioctl cb function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2021:1762

ALT-PU-2019-3257

ALT-PU-2019-3286

BDU:2021-05171

CESA-2021_1762

CVE-2020-11947

DLA-2288-1

DSA-4665-1

OPENSUSE-SU-2021:0363-1

OPENSUSE-SU-2021_0363-1

RHSA-2021:0648

RHSA-2021:1762

RHSA-2021_1762

RLSA-2021:1762

SUSE-SU-2021:0521-1

SUSE-SU-2021:1240-1

SUSE-SU-2021:1241-1

SUSE-SU-2021:1242-1

SUSE-SU-2021:1244-1

SUSE-SU-2021:1245-1

SUSE-SU-2021:1305-1

SUSE-SU-2021:14772-1

SUSE-SU-2021:14774-1

SUSE-SU-2021_0521-1

SUSE-SU-2021_1240-1

SUSE-SU-2021_1241-1

SUSE-SU-2021_1242-1

SUSE-SU-2021_1244-1

SUSE-SU-2021_1245-1

SUSE-SU-2021_1305-1

SUSE-SU-2021_14772-1

USN-4725-1

USN-8412-1

Affected Products

Alt Linux

Almalinux

Centos

Linuxmint

Qemu

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2020-11947

Weakness Enumeration

Related Identifiers

Affected Products

References · 201