CVE-2020-25085 - QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.

CVE-2020-25085

Summary

QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.

References

Vulnerable Configurations

cpe:2.3:a:qemu:qemu:5.0.0:-:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:5.0.0:-:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 23-09-2022 - 16:06)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://www.openwall.com/lists/oss-security/2020/09/16/6 https://security.netapp.com/advisory/ntap-20201009-0005/
misc	https://bugs.launchpad.net/qemu/+bug/1892960 https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
mlist	[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update

Last major update

23-09-2022 - 16:06

Published

25-09-2020 - 05:15

Last modified

23-09-2022 - 16:06