CVE-2020-17380

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

14 Oct 2022, 03:48

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2021-01-30 06:15

Updated : 2024-02-04 21:23


NVD link : CVE-2020-17380

Mitre link : CVE-2020-17380

CVE.ORG link : CVE-2020-17380


JSON object : View

Products Affected

qemu

  • qemu

debian

  • debian_linux
CWE
CWE-787

Out-of-bounds Write