Lucene search

QEMU 4.2 < 5.1.0-rc0 Multiple Vulnerabilities

QEMU 4.2 < 5.1.0-rc0 Multiple Vulnerabilitie

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 161
F5 Networks	K69488451 : Multiple QEMU vulnerabilities CVE-2020-13791, CVE-2020-13800, CVE-2020-15469, CVE-2020-15859, and CVE-2020-15863	3 Aug 202000:00	–	f5
F5 Networks	K61547155 : QEMU vulnerabilities CVE-2020-10761, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, and CVE-2020-13754	5 Aug 202000:00	–	f5
RedhatCVE	CVE-2020-10761	9 Jun 202005:24	–	redhatcve
RedhatCVE	CVE-2020-13791	4 Jun 202005:21	–	redhatcve
RedhatCVE	CVE-2020-15859	21 Jul 202011:37	–	redhatcve
RedhatCVE	CVE-2020-15469	2 Jul 202005:51	–	redhatcve
UbuntuCve	CVE-2020-10761	9 Jun 202000:00	–	ubuntucve
UbuntuCve	CVE-2020-13791	4 Jun 202000:00	–	ubuntucve
UbuntuCve	CVE-2020-15469	2 Jul 202000:00	–	ubuntucve
UbuntuCve	CVE-2020-15859	21 Jul 202000:00	–	ubuntucve

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
nessus	www.nessus.org/u
wiki	www.wiki.qemu.org/ChangeLog/5.1
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(138897);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/28");

  script_cve_id(
    "CVE-2020-10761",
    "CVE-2020-13791",
    "CVE-2020-15469",
    "CVE-2020-15859"
  );
  script_xref(name:"IAVB", value:"2020-B-0041-S");

  script_name(english:"QEMU 4.2 < 5.1.0-rc0 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has virtualization software installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of QEMU installed on the remote Windows host is prior to release 5.1.0-rc0. It is, therefore, affected by 
multiple vulnerabilities:
  A denial of service flaw occurs when an nbd-client sends a spec-compliant request that is near the 
  boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the 
  qemu-nbd server resulting in a denial of service. (CVE-2020-10761)

  An out-of-bounds error occurs within hw/pci/pci.c. A guest OS user could use this flaw
  by providing an address near the end of the PCI configuration space. (CVE-2020-13791)

  A MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
  (CVE-2020-15469)

  A use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with 
  the data's address set to the e1000e's MMIO address. (CVE-2020-15859)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version 
number.");
  # https://git.qemu.org/?p=qemu.git;a=commit;h=9f1f264edbdf5516d6f208497310b3eedbc7b74c
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9b94deb");
  script_set_attribute(attribute:"see_also", value:"https://wiki.qemu.org/ChangeLog/5.1");
  script_set_attribute(attribute:"solution", value:
"Upgrade to QEMU 5.1.0-rc0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10761");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-13791");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:qemu:qemu");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("qemu_installed_windows.nbin");
  script_require_keys("installed_sw/QEMU");

  exit(0);
}

include('vcf.inc');

app_info = vcf::get_app_info(app:'QEMU', win_local:TRUE);

constraints = [{'min_version':'4.2', 'fixed_version' : '5.0.90.0', 'fixed_display':'5.1.0-rc0' }];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Jul 2020 00:00Current

5.2Medium risk

Vulners AI Score5.2

CVSS22.1

CVSS35 - 5.5

EPSS0.00711