CVE-2020-13361 - In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the

CVE-2020-13361

Summary

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

References

Vulnerable Configurations

cpe:2.3:a:qemu:qemu:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:4.2.0:*:*:*:*:*:*:*

CVSS

Base:	3.3 (as of 11-11-2020 - 06:15)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:P/A:P

refmap via4

confirm	http://www.openwall.com/lists/oss-security/2020/05/28/1 https://security.netapp.com/advisory/ntap-20200608-0003/
debian	DSA-4728
gentoo	GLSA-202011-09
misc	https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html https://security-tracker.debian.org/tracker/CVE-2020-13361
mlist	[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
suse	openSUSE-SU-2020:1108
ubuntu	USN-4467-1

Last major update

11-11-2020 - 06:15

Published

28-05-2020 - 14:15

Last modified

11-11-2020 - 06:15