GoogleOSV:USN-5010-1qemu vulnerabilities
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.1 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
29.5%
Lei Sun discovered that QEMU incorrectly handled certain MMIO operations.
An attacker inside the guest could possibly use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2020-15469)
Wenxiang Qian discovered that QEMU incorrectly handled certain ATAPI
commands. An attacker inside the guest could possibly use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 21.04. (CVE-2020-29443)
Cheolwoo Myung discovered that QEMU incorrectly handled SCSI device
emulation. An attacker inside the guest could possibly use this issue to
cause QEMU to crash, resulting in a denial of service. (CVE-2020-35504,
CVE-2020-35505, CVE-2021-3392)
Alex Xu discovered that QEMU incorrectly handled the virtio-fs shared file
system daemon. An attacker inside the guest could possibly use this issue
to read and write to host devices. This issue only affected Ubuntu 20.10.
(CVE-2020-35517)
It was discovered that QEMU incorrectly handled ARM Generic Interrupt
Controller emulation. An attacker inside the guest could possibly use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10.
(CVE-2021-20221)
Alexander Bulekov, Cheolwoo Myung, Sergej Schumilo, Cornelius Aschermann,
and Simon Werner discovered that QEMU incorrectly handled e1000 device
emulation. An attacker inside the guest could possibly use this issue to
cause QEMU to hang, resulting in a denial of service. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10.
(CVE-2021-20257)
It was discovered that QEMU incorrectly handled SDHCI controller emulation.
An attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code. In
the default installation, when QEMU is used in combination with libvirt,
attackers would be isolated by the libvirt AppArmor profile.
(CVE-2021-3409)
It was discovered that QEMU incorrectly handled certain NIC emulation
devices. An attacker inside the guest could possibly use this issue to
cause QEMU to hang or crash, resulting in a denial of service. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10.
(CVE-2021-3416)
Remy Noel discovered that QEMU incorrectly handled the USB redirector
device. An attacker inside the guest could possibly use this issue to
cause QEMU to consume resources, resulting in a denial of service.
(CVE-2021-3527)
It was discovered that QEMU incorrectly handled the virtio vhost-user GPU
device. An attacker inside the guest could possibly use this issue to cause
QEMU to consume resources, leading to a denial of service. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3544)
It was discovered that QEMU incorrectly handled the virtio vhost-user GPU
device. An attacker inside the guest could possibly use this issue to
obtain sensitive host information. This issue only affected Ubuntu 20.04
LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3545)
It was discovered that QEMU incorrectly handled the virtio vhost-user GPU
device. An attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service, or possibly execute arbitrary
code. In the default installation, when QEMU is used in combination with
libvirt, attackers would be isolated by the libvirt AppArmor profile. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04.
(CVE-2021-3546)
It was discovered that QEMU incorrectly handled the PVRDMA device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code. In
the default installation, when QEMU is used in combination with libvirt,
attackers would be isolated by the libvirt AppArmor profile. This issue
only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04.
(CVE-2021-3582, CVE-2021-3607, CVE-2021-3608)
It was discovered that QEMU SLiRP networking incorrectly handled certain
udp packets. An attacker inside a guest could possibly use this issue to
leak sensitive information from the host. (CVE-2021-3592, CVE-2021-3593,
CVE-2021-3594, CVE-2021-3595)
References
ubuntu.com/security/CVE-2020-15469
ubuntu.com/security/CVE-2020-29443
ubuntu.com/security/CVE-2020-35504
ubuntu.com/security/CVE-2020-35505
ubuntu.com/security/CVE-2020-35517
ubuntu.com/security/CVE-2021-20221
ubuntu.com/security/CVE-2021-20257
ubuntu.com/security/CVE-2021-3392
ubuntu.com/security/CVE-2021-3409
ubuntu.com/security/CVE-2021-3416
ubuntu.com/security/CVE-2021-3527
ubuntu.com/security/CVE-2021-3544
ubuntu.com/security/CVE-2021-3545
ubuntu.com/security/CVE-2021-3546
ubuntu.com/security/CVE-2021-3582
ubuntu.com/security/CVE-2021-3592
ubuntu.com/security/CVE-2021-3593
ubuntu.com/security/CVE-2021-3594
ubuntu.com/security/CVE-2021-3595
ubuntu.com/security/CVE-2021-3607
ubuntu.com/security/CVE-2021-3608
ubuntu.com/security/notices/USN-5010-1
Related
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.1 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
29.5%