CVE-2020-13791

Priority
Description
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an
out-of-bounds access by providing an address near the end of the PCI
configuration space.
Notes
mdeslauras of 2020-09-29, the proposed fix has not been commited
while the CVE description mentions hw/pci/pci.c, that is
incorrect, the CVE is assigned to the hw/display/ati.c issue,
the patch to hw/pci/pci.c is just a defense in depth fix.
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa):deferred (2020-09-29)
Ubuntu 20.10 (Groovy Gorilla):deferred (2020-09-29)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-09-29 14:14:31 UTC (commit eff99121f01c2dfd8f8977b540196cc3979b6f44)