Wind River Support Network


LIN1021-313 : Security Advisory - qemu - CVE-2020-17380

Created: May 24, 2021    Updated: Dec 19, 2021
Resolved Date: Aug 10, 2021
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace


A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

CREATE(Triage):(User=admin) CVE-2020-17380 (


Live chat