CVE-2020-13362

Published: 28 May 2020

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

Priority

Low

CVSS 3 base score: 3.2

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1:5.0-5ubuntu4)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1:4.2-3ubuntu6.4)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:2.11+dfsg-1ubuntu7.31)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:2.5+dfsg-5ubuntu10.45)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.0.0+dfsg-2ubuntu1.47+esm1)
Patches:
Upstream: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=f50ab86a2620bd7e8507af865b164655ee921661
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=fd6918556736ecce8b10acd581ba134ffb62d9f9
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=2b151297e44655e45c18f57ae0232780ee4ad45a
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist