Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892373
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for qemu (DLA-2373-1)
Summary:The remote host is missing an update for the 'qemu'; package(s) announced via the DLA-2373-1 advisory.
Description:Summary:
The remote host is missing an update for the 'qemu'
package(s) announced via the DLA-2373-1 advisory.

Vulnerability Insight:
The following security issues have been found in qemu, which could
potentially result in DoS and execution of arbitrary code.

CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI
Block driver in QEMU handled a response coming from an iSCSI server
while checking the status of a Logical Address Block (LBA) in an
iscsi_co_block_status() routine. A remote user could use this flaw to
crash the QEMU process, resulting in a denial of service or potential
execution of arbitrary code with privileges of the QEMU process on the
host.

CVE-2020-13253

An out-of-bounds read access issue was found in the SD Memory Card
emulator of the QEMU. It occurs while performing block write commands
via sdhci_write(), if a guest user has sent 'address' which is OOB of
's->wp_groups'. A guest user/process may use this flaw to crash the
QEMU process resulting in DoS.

CVE-2020-14364

An out-of-bounds read/write access issue was found in the USB emulator
of the QEMU. It occurs while processing USB packets from a guest, when
'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in
do_token_{in, out} routines.

CVE-2020-16092

An assertion failure can occur in the network packet processing. This
issue affects the e1000e and vmxnet3 network devices. A malicious guest
user/process could use this flaw to abort the QEMU process on the host,
resulting in a denial of service condition in
net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c

Affected Software/OS:
'qemu' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
1:2.8+dfsg-6+deb9u11.

We recommend that you upgrade your qemu packages.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-1711
https://security.gentoo.org/glsa/202005-02
https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
https://www.openwall.com/lists/oss-security/2020/01/23/3
https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
RedHat Security Advisories: RHSA-2020:0669
https://access.redhat.com/errata/RHSA-2020:0669
RedHat Security Advisories: RHSA-2020:0730
https://access.redhat.com/errata/RHSA-2020:0730
RedHat Security Advisories: RHSA-2020:0731
https://access.redhat.com/errata/RHSA-2020:0731
RedHat Security Advisories: RHSA-2020:0773
https://access.redhat.com/errata/RHSA-2020:0773
SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://usn.ubuntu.com/4283-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.