CVE-2020-15469

Published: 2 July 2020

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

Notes

Author	Note
mdeslaur	impact is limited, a privileged guest user can only use this issue to perform a denial of service to their own instance

Priority

CVSS 3 base score: 2.3

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	bionic	Released (1:2.11+dfsg-1ubuntu7.37)
	eoan	Ignored (reached end-of-life)
	focal	Released (1:4.2-3ubuntu6.17)
	groovy	Released (1:5.0-5ubuntu9.9)
	hirsute	Released (1:5.2+dfsg-9ubuntu3.1)
	impish	Released (1:6.0+dfsg-1~ubuntu3)
	jammy	Released (1:6.0+dfsg-1~ubuntu3)
	precise	Does not exist
	trusty	Needs triage
	upstream	Needs triage
	xenial	Needed
	Patches: upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=520f26fc6d17b71a43eaf620e834b3bdf316f3d3 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=4f2a5202a05fc1612954804a2482f07bff105ea2 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=24202d2b561c3b4c48bd28383c8c34b4ac66c2bf upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=f867cebaedbc9c43189f102e4cdfdff05e88df7f upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=b5bf601f364e1a14ca4c3276f88dfec024acf613 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=921604e175b8ec06c39503310e7b3ec1e3eafe9e upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=2c9fb3b784000c1df32231e1c2464bb2e3fc4620 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=735754aaa15a6ed46db51fd731e88331c446ea54
qemu-kvm Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	precise	Ignored (end of ESM support, was needs-triage)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist