CVE-2020-24352

2020-10-1606:15:00

Debian Security Bug Tracker

security-tracker.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

11.7%

JSON

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

OSVersionArchitecturePackageVersionFilename
Debian12allqemu<= 1:7.2+dfsg-7+deb12u5qemu_1:7.2+dfsg-7+deb12u5_all.deb
Debian11allqemu<= 1:5.2+dfsg-11+deb11u3qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian10allqemu< 1:3.1+dfsg-8+deb10u8qemu_1:3.1+dfsg-8+deb10u8_all.deb
Debian999allqemu<= 1:8.2.3+ds-1qemu_1:8.2.3+ds-1_all.deb
Debian13allqemu<= 1:8.2.1+ds-2qemu_1:8.2.1+ds-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	qemu	<= 1:7.2+dfsg-7+deb12u5	qemu_1:7.2+dfsg-7+deb12u5_all.deb
Debian	11	all	qemu	<= 1:5.2+dfsg-11+deb11u3	qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian	10	all	qemu	< 1:3.1+dfsg-8+deb10u8	qemu_1:3.1+dfsg-8+deb10u8_all.deb
Debian	999	all	qemu	<= 1:8.2.3+ds-1	qemu_1:8.2.3+ds-1_all.deb
Debian	13	all	qemu	<= 1:8.2.1+ds-2	qemu_1:8.2.1+ds-2_all.deb