vulnerability
Oracle Linux: CVE-2020-13253: ELSA-2021-9034: qemu security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:S/C:N/I:N/A:P) | 2020-05-20 | 2021-02-09 | 2024-11-29 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:P)
Published
2020-05-20
Added
2021-02-09
Modified
2024-11-29
Description
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
An out-of-bounds read-access flaw was found in the SD Memory Card emulator of the QEMU. This flaw occurs while performing block write commands via sdhci_write(), if a guest user has sent an 'address' which is out-of-bounds of 's->wp_groups'. A guest user or process may use this flaw to crash the QEMU process resulting in a denial of service.
An out-of-bounds read-access flaw was found in the SD Memory Card emulator of the QEMU. This flaw occurs while performing block write commands via sdhci_write(), if a guest user has sent an 'address' which is out-of-bounds of 's->wp_groups'. A guest user or process may use this flaw to crash the QEMU process resulting in a denial of service.
Solution(s)
oracle-linux-upgrade-ivshmem-toolsoracle-linux-upgrade-qemuoracle-linux-upgrade-qemu-block-glusteroracle-linux-upgrade-qemu-block-iscsioracle-linux-upgrade-qemu-block-rbdoracle-linux-upgrade-qemu-commonoracle-linux-upgrade-qemu-imgoracle-linux-upgrade-qemu-kvmoracle-linux-upgrade-qemu-kvm-coreoracle-linux-upgrade-qemu-system-aarch64oracle-linux-upgrade-qemu-system-aarch64-coreoracle-linux-upgrade-qemu-system-x86oracle-linux-upgrade-qemu-system-x86-core
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.