CVE-2020-13765

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

Published: Jun 4, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-13765
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.6
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
qemu / qemu	4.0.0	4.0.0.x
qemu / qemu	4.1.0	4.1.0.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	20.04	20.04.x
canonical / ubuntu_linux	16.04	16.04.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x

https://git.qemu.org/?p=qemu.git;a=commit;h=e423455c4f23a1a828901c78fe6d03b7dde79319
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319
https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676
https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
https://security.netapp.com/advisory/ntap-20200619-0006/
https://usn.ubuntu.com/4467-1/
https://www.openwall.com/lists/oss-security/2020/06/03/6

Vulnerability Database

CVE-2020-13765