QwikSec

Security Database

CVE

CWE

Training

CVE-2019-20808

Published: Dec 31, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1841136

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210205-0003/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.