Debian 9: DLA-2373-1 Moderate: QEMU DoS and Code Execution Risks
debian lts
September 13, 2020
The following security issues have been found in qemu, which could potentially result in DoS and execution of arbitrary code
Topics Covered
Summary
CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI
Block driver in QEMU handled a response coming from an iSCSI server
while checking the status of a Logical Address Block (LBA) in an
iscsi_co_block_status() routine. A remote user could use this flaw to
crash the QEMU process, resulting in a denial of service or potential
execution of arbitrary code with privileges of the QEMU process on the
host.
CVE-2020-13253
An out-of-bounds read access issue was found in the SD Memory Card
emulator of the QEMU. It occurs while performing block write commands
via sdhci_write(), if a guest user has sent 'address' which is OOB of
's->wp_groups'. A guest user/process may use this flaw to crash the
QEMU process resulting in DoS.
CVE-2020-14364
An out-of-bounds read/write access issue was found in the USB emulator
of the QEMU. It occurs while processing USB packets from a guest, when
PREVIOUS 
NEXT Package: qemu
Version: 1:2.8+dfsg-6+deb9u11
CVE ID: CVE-2020-1711 CVE-2020-13253 CVE-2020-14364 CVE-2020-16092
Debian Bug: 968947 961297 949731
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!