Description
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
High
Affected products
- Red Hat / QEMUAll qemu versions 2.12.0 before 4.2.1 – All qemu versions 2.12.0 before 4.2.1
References
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711
- MAILING_LISThttps://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
- MAILING_LISThttps://www.openwall.com/lists/oss-security/2020/01/23/3
- VENDOR_ADVISORYhttps://usn.ubuntu.com/4283-1/
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2020:0669
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2020:0773
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2020:0730
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2020:0731
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2020/03/msg00017.html
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
- MISChttps://security.gentoo.org/glsa/202005-02
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2020/09/msg00013.html