CVE-2020-25085

Published: 25 September 2020

QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.

Notes

Author	Note
mdeslaur	same fix as CVE-2020-17380

Priority

Cvss 3 Severity Score

5.0

Score breakdown

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	bionic	Released (1:2.11+dfsg-1ubuntu7.34)
	focal	Released (1:4.2-3ubuntu6.10)
	groovy	Released (1:5.0-5ubuntu9.2)
	hirsute	Released (1:5.2+dfsg-2ubuntu1)
	impish	Released (1:5.2+dfsg-2ubuntu1)
	jammy	Released (1:5.2+dfsg-2ubuntu1)
	kinetic	Released (1:5.2+dfsg-2ubuntu1)
	lunar	Released (1:5.2+dfsg-2ubuntu1)
	mantic	Released (1:5.2+dfsg-2ubuntu1)
	trusty	Needed
	upstream	Released (1:5.2+dfsg-1)
	xenial	Released (1:2.5+dfsg-5ubuntu10.48)
	Patches: upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
qemu-kvm Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

Severity score breakdown

Parameter	Value
Base score	5.0
Attack vector	Local
Attack complexity	High
Privileges required	High
User interaction	None
Scope	Changed
Confidentiality	Low
Integrity impact	Low
Availability impact	Low
Vector	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›