Out-of-Bounds Affecting qemu package, versions *
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN12-QEMU-1558304
- published 22 Aug 2020
- disclosed 16 Oct 2020
Introduced: 22 Aug 2020
CVE-2020-24352 Open this link in a new tabHow to fix?
There is no fixed version for Debian:12
qemu
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream qemu
package and not the qemu
package as distributed by Debian
.
See How to fix?
for Debian:12
relevant fixed versions and status.
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
References
- https://security-tracker.debian.org/tracker/CVE-2020-24352
- https://security.netapp.com/advisory/ntap-20201123-0003/
- https://bugzilla.redhat.com/show_bug.cgi?id=1847584
- https://git.qemu.org/?p=qemu.git
- https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540;hp=2ddafce7f797082ad216657c830afd4546f16e37