Lucene search

[email protected]CVE-2020-27616

HistoryNov 06, 2020 - 8:15 a.m.

CVE-2020-27616

2020-11-0608:15:00

CWE-682

[email protected]

web.nvd.nist.gov

194

cve-2020-27616

ati_2d_blt

qemu 4.2.1

outside limits situation

guest crash

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

35.9%

JSON

ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.

CPENameOperatorVersion
qemu:qemuqemueq4.2.1

CPE	Name	Operator	Version
qemu:qemu	qemu	eq	4.2.1

References

www.openwall.com/lists/oss-security/2020/11/03/2

lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html

security.netapp.com/advisory/ntap-20201202-0002/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for CVE-2020-27616

debiancve1 alpinelinux1 prion1 ubuntucve1 veracode1 osv2 redhatcve1 f51 openvas5 ubuntu1 nessus6 suse1 oraclelinux1