Lucene search

PRIOn knowledge basePRION:CVE-2020-13253

HistoryMay 27, 2020 - 3:15 p.m.

Design/Logic Flaw

2020-05-2715:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq18.04
ubuntu_linuxeq20.04
debian_linuxeq9.0
debian_linuxeq10.0
qemule5.0.1

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	20.04
debian_linux	eq	9.0
debian_linux	eq	10.0
qemu	le	5.0.1

References

www.openwall.com/lists/oss-security/2020/05/27/2

bugzilla.redhat.com/show_bug.cgi?id=1838546

lists.debian.org/debian-lts-announce/2020/09/msg00013.html

lists.debian.org/debian-lts-announce/2022/09/msg00008.html

lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html

security.gentoo.org/glsa/202011-09

usn.ubuntu.com/4467-1/