CVE-2020-13362

Published: 28 May 2020

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

Priority

Cvss 3 Severity Score

3.2

Score breakdown

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	focal	Released (1:4.2-3ubuntu6.4)
	bionic	Released (1:2.11+dfsg-1ubuntu7.31)
	xenial	Released (1:2.5+dfsg-5ubuntu10.45)
	eoan	Ignored (end of life)
	groovy	Not vulnerable (1:5.0-5ubuntu4)
	hirsute	Not vulnerable (1:5.0-5ubuntu4)
	trusty	Released (2.0.0+dfsg-2ubuntu1.47+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Needed
	Patches: upstream: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=f50ab86a2620bd7e8507af865b164655ee921661 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=fd6918556736ecce8b10acd581ba134ffb62d9f9 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=2b151297e44655e45c18f57ae0232780ee4ad45a
qemu-kvm Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

Severity score breakdown

Parameter	Value
Base score	3.2
Attack vector	Local
Attack complexity	Low
Privileges required	High
User interaction	None
Scope	Changed
Confidentiality	None
Integrity impact	None
Availability impact	Low
Vector	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

References

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961887

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›