Out-of-Bounds Heap Buffer Access in QEMU iSCSI Block Driver
CVE-2020-1711

7.7HIGH

Key Information:

Vendor
Red Hat
Status
Qemu
Vendor
CVE Published:
11 February 2020

Summary

A vulnerability exists in the iSCSI Block driver of QEMU, allowing an out-of-bounds heap buffer access when processing responses from iSCSI servers during status checks of Logical Address Blocks (LBA). A remote attacker could exploit this flaw to crash the QEMU process, leading to a denial of service or, potentially, the execution of arbitrary code with the privileges associated with the QEMU process.

Affected Version(s)

QEMU All qemu versions 2.12.0 before 4.2.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711
x_refsource_CONFIRM
https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg...
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2020/01/23/3
x_refsource_MISC

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.