PT-2023-4687 · Qemu+2 · Qemu+2

Yifan Lu

Published

2023-08-28

Updated

2024-08-04

CVE-2020-24165

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU version 4.2.0

Description An issue was discovered in the TCG Accelerator component of QEMU, related to the use of memory after it has been freed. This issue allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note that this is disputed as a bug and not a valid security issue by multiple third parties.

Recommendations For QEMU version 4.2.0, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2023-05104

CVE-2020-24165

DLA-3604-1

OESA-2023-1654

OESA-2023-1655

USN-6567-1

USN-6567-2

Affected Products

Linuxmint

Qemu

Ubuntu

PT-2023-4687 · Qemu+2 · Qemu+2

CVE-2020-24165

Weakness Enumeration

Related Identifiers

Affected Products

References · 80