CVE-2020-15469

Published: 02 July 2020

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

Priority

Low

CVSS 3 base score: 2.3

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (1:5.2+dfsg-9ubuntu3.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1:4.2-3ubuntu6.17)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:2.11+dfsg-1ubuntu7.37)
Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=520f26fc6d17b71a43eaf620e834b3bdf316f3d3
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=4f2a5202a05fc1612954804a2482f07bff105ea2
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=24202d2b561c3b4c48bd28383c8c34b4ac66c2bf
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=f867cebaedbc9c43189f102e4cdfdff05e88df7f
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=b5bf601f364e1a14ca4c3276f88dfec024acf613
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=921604e175b8ec06c39503310e7b3ec1e3eafe9e
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=2c9fb3b784000c1df32231e1c2464bb2e3fc4620
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=735754aaa15a6ed46db51fd731e88331c446ea54
qemu-kvm
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
mdeslaur 
impact is limited, a privileged guest user can only use this
issue to perform a denial of service to their own instance

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading