CVE-2020-13765 - rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two

CVE-2020-13765

Summary

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

References

Vulnerable Configurations

cpe:2.3:a:qemu:qemu:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 07-10-2022 - 01:28)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200619-0006/ https://www.openwall.com/lists/oss-security/2020/06/03/6
misc	https://git.qemu.org/?p=qemu.git;a=commit;h=e423455c4f23a1a828901c78fe6d03b7dde79319 https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676
mlist	[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
ubuntu	USN-4467-1

Last major update

07-10-2022 - 01:28

Published

04-06-2020 - 16:15

Last modified

07-10-2022 - 01:28