7 matches found
Arbitrary Code Execution
qemu is vulnerable to arbitrary code execution. The romcopy in hw/core/loader.c does not validate the relationship between two addresses and allows attackers to perform an invalid memory copy operation...
CVE-2020-13765
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...
Design/Logic Flaw
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...
CVE-2020-13765
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...
CVE-2020-13765
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...
CVE-2020-13765
CVE-2020-13765 affects QEMU 4.0 and 4.1.0, where rom_copy() in hw/core/loader.c does not validate the relationship between two addresses, enabling an out-of-bounds memory copy and potentially code execution. Public advisories (e.g., Oracle Linux ELSA entries and MiracleLinux AXSA-2021-1371) indic...
CVE-2020-13765
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...