
Debian 9 Stretch DLA-2560-1 Critical: QEMU Code Exploits and DoS Risks

February 18, 2021
Several vulnerabilities were discovered in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization).

Summary

CVE-2020-15469

A MemoryRegionOps object may lack read/write callback methods,
leading to a NULL pointer dereference.

CVE-2020-15859

QEMU has a use-after-free in hw/net/e1000e_core.c because a guest
OS user can trigger an e1000e packet with the data's address set
to the e1000e's MMIO address.

CVE-2020-25084

QEMU has a use-after-free in hw/usb/hcd-xhci.c because the
usb_packet_map return value is not checked.

CVE-2020-28916

hw/net/e1000e_core.c has an infinite loop via an RX descriptor
with a NULL buffer address.

CVE-2020-29130

slirp.c has a buffer over-read because it tries to read a certain
amount of header data even if that exceeds the total packet
length.

CVE-2020-29443

ide_atapi_cmd_reply_end in hw/ide/atapi.c allows out-of-bounds
read access because a buffer index is not validated.

CVE-2021-20181

9pfs: ZDI-CAN-10904: QEMU Plan 9 file system TOCTOU privilege
escalation vulnerability.

CVE-2021-20221

Severity
critical

--------------------------------------------------------------------------
Package: qemu
Version: 1:2.8+dfsg-6+deb9u13
CVE ID: CVE-2020-15469 CVE-2020-15859 CVE-2020-25084 CVE-2020-28916
Debian Bug: 970253 965978 970539 974687 976388
