Denial Of Service (DoS)

2020-09-2106:27:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

QEMU is vulnerable to denial of service. An integer overflow in the SM501 display driver implementation allows an attacker to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host. The vulnerability exists in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback.

CPENameOperatorVersion
qemu:focaleq1:4.2-3ubuntu6
qemu:bioniceq1:2.11+dfsg-1ubuntu7
qemu:xenialeq1:2.5+dfsg-5ubuntu10

Name	Operator	Version
qemu:focal	eq	1:4.2-3ubuntu6
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7
qemu:xenial	eq	1:2.5+dfsg-5ubuntu10

References

bugzilla.redhat.com/show_bug.cgi?id=1808510

usn.ubuntu.com/4467-1/

www.debian.org/security/2020/dsa-4760

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for VERACODE:26966