CVE-2020-13765 Information

Description

rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses which allows attackers to trigger an invalid memory copy operation.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://git.qemu.org/?p=qemu.git;a=commit;h=e423455c4f23a1a828901c78fe6d03b7dde79319 https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://security.netapp.com/advisory/ntap-20200619-0006/ https://usn.ubuntu.com/4467-1/ https://www.openwall.com/lists/oss-security/2020/06/03/6

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

5.6