6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
7.8 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.3%
Debian LTS Advisory DLA-2373-1 [email protected]
https://www.debian.org/lts/security/ Abhijith PA
September 13, 2020 https://wiki.debian.org/LTS
Package : qemu
Version : 1:2.8+dfsg-6+deb9u11
CVE ID : CVE-2020-1711 CVE-2020-13253 CVE-2020-14364 CVE-2020-16092
Debian Bug : 968947 961297 949731
The following security issues have been found in qemu, which could
potentially result in DoS and execution of arbitrary code.
CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI
Block driver in QEMU handled a response coming from an iSCSI server
while checking the status of a Logical Address Block (LBA) in an
iscsi_co_block_status() routine. A remote user could use this flaw to
crash the QEMU process, resulting in a denial of service or potential
execution of arbitrary code with privileges of the QEMU process on the
host.
CVE-2020-13253
An out-of-bounds read access issue was found in the SD Memory Card
emulator of the QEMU. It occurs while performing block write commands
via sdhci_write(), if a guest user has sent 'address' which is OOB of
's->wp_groups'. A guest user/process may use this flaw to crash the
QEMU process resulting in DoS.
CVE-2020-14364
An out-of-bounds read/write access issue was found in the USB emulator
of the QEMU. It occurs while processing USB packets from a guest, when
'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in
do_token_{in,out} routines.
CVE-2020-16092
An assertion failure can occur in the network packet processing. This
issue affects the e1000e and vmxnet3 network devices. A malicious guest
user/process could use this flaw to abort the QEMU process on the host,
resulting in a denial of service condition in
net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c
For Debian 9 stretch, these problems have been fixed in version
1:2.8+dfsg-6+deb9u11.
We recommend that you upgrade your qemu packages.
For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
7.8 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.3%