Back to search
CVE-2020-17380
Published: Jan 30, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=1862167
x_refsource_CONFIRM
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html
x_refsource_CONFIRM
[oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20210312-0003/
x_refsource_CONFIRM
[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now