Wind River Support Network

HomeDefectsLIN10-7071

Fixed

LIN10-7071 : Security Advisory - qemu - CVE-2019-20382

Created: Mar 5, 2020 Updated: Apr 22, 2022

Resolved Date: Mar 13, 2020

Found In Version: 10.17.41.1

Fix Version: 10.17.41.20

Severity: Standard

Applicable for: Wind River Linux LTS 17

Component/s: Userspace

Description

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

CREATE(Triage):(User=admin) CVE-2019-20382 (https://nvd.nist.gov/vuln/detail/CVE-2019-20382)

CVEs

CVE-2019-20382