Wind River Support Network

HomeDefectsLIN1021-313
Fixed

LIN1021-313 : Security Advisory - qemu - CVE-2020-17380

Created: May 24, 2021    Updated: Dec 19, 2021
Resolved Date: Aug 10, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.2
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

CREATE(Triage):(User=admin) CVE-2020-17380 (https://nvd.nist.gov/vuln/detail/CVE-2020-17380)

CVEs


Live chat
Online