Lucene search

Veracode Vulnerability DatabaseVERACODE:26966

HistorySep 21, 2020 - 6:27 a.m.

Denial Of Service (DoS)

2020-09-2106:27:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

JSON

QEMU is vulnerable to denial of service. An integer overflow in the SM501 display driver implementation allows an attacker to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host. The vulnerability exists in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback.

CPENameOperatorVersion
qemu:focaleq1:4.2-3ubuntu6
qemu:bioniceq1:2.11+dfsg-1ubuntu7
qemu:xenialeq1:2.5+dfsg-5ubuntu10

Name	Operator	Version
qemu:focal	eq	1:4.2-3ubuntu6
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7
qemu:xenial	eq	1:2.5+dfsg-5ubuntu10

References

bugzilla.redhat.com/show_bug.cgi?id=1808510

usn.ubuntu.com/4467-1/

www.debian.org/security/2020/dsa-4760

3.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:26966