Lucene search

[email protected]CVE-2020-25742

HistoryOct 06, 2020 - 3:15 p.m.

CVE-2020-25742

2020-10-0615:15:15

CWE-476

[email protected]

web.nvd.nist.gov

cve

2020

25742

null pointer dereference

qemu

security

vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

3.2 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.

Affected configurations

NVD

Node

qemuqemuRange<5.1.1

CPENameOperatorVersion
qemu:qemuqemult5.1.1

CPE	Name	Operator	Version
qemu:qemu	qemu	lt	5.1.1

References

www.openwall.com/lists/oss-security/2020/09/29/1

bugzilla.redhat.com/show_bug.cgi?id=1883178

lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html

ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

3.2 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2020-25742

redhatcve1 veracode1 cvelist1 nvd1 cbl_mariner1 ubuntucve1 debiancve1 prion1 alpinelinux1 f51 nessus8 openvas8