CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
EPSS
Percentile
30.2%
An out-of-bound read and write access vulnerability was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest. Attackers can use this vulnerability to crash the QEMU process resulting in DoS or potentially execute arbitrary code with the privileges of the QEMU process on the host. This can compromise normal service of the affected product. (Vulnerability ID: HWPSIRT-2020-61105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-14364.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-qemu-en
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | fusioncompute_firmware | 6.3.0 | cpe:2.3:o:huawei:fusioncompute_firmware:6.3.0:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | 6.3.1 | cpe:2.3:o:huawei:fusioncompute_firmware:6.3.1:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | 6.5.0 | cpe:2.3:o:huawei:fusioncompute_firmware:6.5.0:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | 6.5.1 | cpe:2.3:o:huawei:fusioncompute_firmware:6.5.1:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | 6.5.1.spc1 | cpe:2.3:o:huawei:fusioncompute_firmware:6.5.1.spc1:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | 8.0.0.spc1 | cpe:2.3:o:huawei:fusioncompute_firmware:8.0.0.spc1:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | 8.0.rc2 | cpe:2.3:o:huawei:fusioncompute_firmware:8.0.rc2:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | v100r006c00 | cpe:2.3:o:huawei:fusioncompute_firmware:v100r006c00:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | v100r006c10 | cpe:2.3:o:huawei:fusioncompute_firmware:v100r006c10:*:*:*:*:*:*:* |
huawei | fusioncompute_firmware | v100r006c10rc1 | cpe:2.3:o:huawei:fusioncompute_firmware:v100r006c10rc1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
EPSS
Percentile
30.2%