PT-2020-6491 · Qemu+9 · Qemu+9

Alexander Bulekov

Published

2020-12-08

Updated

2024-06-15

CVE-2020-27821

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU versions prior to 5.2.0

Description A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service.

Recommendations For QEMU versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the memory management API to minimize the risk of exploitation.

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2021:1762

ALT-PU-2020-3527

ALT-PU-2021-1880

ALT-PU-2021-1964

BDU:2021-05312

CESA-2021_1762

CVE-2020-27821

DLA-3099-1

OESA-2021-1012

OPENSUSE-SU-2021:0600-1

OPENSUSE-SU-2021:1942-1

OPENSUSE-SU-2021_0600-1

OPENSUSE-SU-2021_1942-1

OPENSUSE-SU-2024:11287-1

RHSA-2021:1762

RHSA-2021_1762

RLSA-2021:1762

SUSE-SU-2021:1242-1

SUSE-SU-2021:1243-1

SUSE-SU-2021:1245-1

SUSE-SU-2021:1942-1

USN-4725-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Qemu

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2020-6491 · Qemu+9 · Qemu+9

CVE-2020-27821

Weakness Enumeration

Related Identifiers

Affected Products

References · 288