Back to search
CVE-2020-27821
Published: Dec 8, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
| Vendor | Product | Versions |
|---|---|---|
n/a | QEMU | affected prior to 5.2.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1902651
x_refsource_MISC
[oss-security] 20201216 CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20210115-0006/
x_refsource_CONFIRM
[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now