CVE-2020-15859 - QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000

CVE-2020-15859

Summary

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

References

Vulnerable Configurations

cpe:2.3:a:qemu:qemu:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 23-09-2022 - 15:29)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc	https://bugs.launchpad.net/qemu/+bug/1886362 https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html
mlist	[oss-security] 20200721 CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets

Last major update

23-09-2022 - 15:29

Published

21-07-2020 - 16:15

Last modified

23-09-2022 - 15:29