ALT-BU-2020-3977-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2020-05176
Vulnerability in the mod_proxy_uwsgi module of the Apache HTTP Server web server that allows an attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a denial of service
BDU:2021-00585
Vulnerability in the HTTP/2 implementation of the Apache HTTP Server web server that allows an attacker to cause a denial of service
BDU:2021-00779
Vulnerability in the HTTP/2 implementation of the Apache HTTP Server web server that allows an attacker to cause a denial of service or lead to server misconfiguration
Modified: 2024-11-21
CVE-2020-11984
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
- openSUSE-SU-2020:1285
- openSUSE-SU-2020:1293
- http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html
- [oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
- [oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
- [oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
- [oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
- [oss-security] 20200810 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
- [oss-security] 20200817 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
- https://httpd.apache.org/security/vulnerabilities_24.html
- [httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
- [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
- [httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/
- [httpd-cvs] 20210330 svn commit: r1888228 - in /httpd/site/trunk/content/security/json: CVE-2020-11984.json CVE-2020-11993.json
- [httpd-cvs] 20210330 svn commit: r1888199 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
- [httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- [httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?
- [httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?
- [httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
- [httpd-cvs] 20210330 svn commit: r1073171 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-11984.json security/json/CVE-2020-11993.json security/vulnerabilities_24.html
- [debian-lts-announce] 20200902 [SECURITY] [DLA 2362-1] uwsgi security update
- FEDORA-2020-0d3d3f5072
- FEDORA-2020-189a1e6c3e
- GLSA-202008-04
- https://security.netapp.com/advisory/ntap-20200814-0005/
- USN-4458-1
- DSA-4757
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Modified: 2024-11-21
CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
- openSUSE-SU-2020:1285
- openSUSE-SU-2020:1293
- openSUSE-SU-2020:1792
- http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html
- https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
- [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
- [httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/
- [httpd-cvs] 20210330 svn commit: r1888228 - in /httpd/site/trunk/content/security/json: CVE-2020-11984.json CVE-2020-11993.json
- [httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- [httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?
- [httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?
- [httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-dev] 20200808 Security announcements for CVE-2020-9490/CVE-2020-11993 ?
- [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20210330 svn commit: r1073139 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
- [httpd-cvs] 20210330 svn commit: r1073171 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-11984.json security/json/CVE-2020-11993.json security/vulnerabilities_24.html
- FEDORA-2020-8122a8daa2
- FEDORA-2020-b58dc5df38
- GLSA-202008-04
- https://security.netapp.com/advisory/ntap-20200814-0005/
- USN-4458-1
- DSA-4757
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Modified: 2024-11-21
CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
- openSUSE-SU-2020:1285
- openSUSE-SU-2020:1293
- openSUSE-SU-2020:1792
- http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html
- https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490
- [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
- [httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/
- [httpd-cvs] 20210407 svn commit: r1888469 - /httpd/site/trunk/content/security/json/CVE-2020-9490.json
- [httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- [httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?
- [httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?
- [httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20210330 svn commit: r1888203 - /httpd/site/trunk/content/security/json/CVE-2020-9490.json
- [httpd-cvs] 20210407 svn commit: r1073454 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-9490.json security/vulnerabilities_24.html
- [httpd-dev] 20200808 Security announcements for CVE-2020-9490/CVE-2020-11993 ?
- [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- [httpd-cvs] 20210330 svn commit: r1073148 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-9490.json
- [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
- [httpd-cvs] 20210330 svn commit: r1073139 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
- [httpd-cvs] 20210603 svn commit: r1075355 - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
- FEDORA-2020-8122a8daa2
- FEDORA-2020-b58dc5df38
- GLSA-202008-04
- https://security.netapp.com/advisory/ntap-20200814-0005/
- USN-4458-1
- DSA-4757
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Closed vulnerabilities
BDU:2020-05805
Vulnerability in the xgmac_enet_send function in hw/net/xgmac.c of the QEMU hardware emulator, caused by insufficient validation of the size of copied data, that allows an attacker to gain access to protected information, compromise its integrity, or cause a denial of service
BDU:2021-00070
Vulnerability in the QEMU hardware emulation software, caused by an operation exceeding the permitted bounds of a data buffer, that allows an attacker to gain access to confidential data, compromise its integrity, or cause a denial of service
BDU:2021-00073
Vulnerability in the net_tx_pkt_add_raw_fragment function in hw/net/net_tx_pkt.c of the QEMU hardware emulator, related to a flaw in the use of the assert() function, that allows an attacker to cause a denial of service
BDU:2021-01351
Vulnerability in the ati_mm_read function in hw/display/ati.c of the QEMU hardware emulator that allows an attacker to cause a denial of service
BDU:2021-02091
Vulnerability in the sdhci_sdma_transfer_multi_blocks() routine of the QEMU hardware emulator that allows an attacker to cause a denial of service or an application crash, as well as execute arbitrary code
BDU:2021-03539
Vulnerability in the QEMU hardware emulation software, caused by an out-of-bounds buffer write, that allows an attacker to compromise data integrity or cause a denial of service
BDU:2021-03540
Vulnerability in the QEMU hardware emulation software, caused by a read beyond the permitted bounds of a data buffer, that allows an attacker to cause a denial of service
BDU:2021-05135
Vulnerability in the sm501_2d_operation function in sm501.c of the QEMU hardware emulator, caused by an integer overflow, that allows an attacker to affect data integrity
BDU:2021-05150
Vulnerability in the hw/usb/hcd-ohci.c component of the QEMU hardware emulator, caused by a loop with an unreachable exit condition, that allows an attacker to cause a denial of service
BDU:2021-05151
Vulnerability in the host controller driver of the QEMU hardware emulator, caused by a read beyond the permitted bounds of a data buffer, that allows an attacker to gain access to confidential data, compromise its integrity, or cause a denial of service
BDU:2021-05152
Vulnerability in the flatview_read_continue() module of the QEMU hardware emulator, caused by an out-of-bounds buffer write, that allows an attacker to gain access to confidential data, compromise its integrity, or cause a denial of service
BDU:2021-05172
Vulnerability in the Network Block Device (NBD) server of the QEMU hardware emulator, caused by incorrect accounting of external emulator resources, that allows an attacker to cause a denial of service
BDU:2021-05185
Vulnerability in the hw/usb/hcd-xhci.c component of the QEMU hardware emulator, caused by use of memory after it has been freed, that allows an attacker to cause a denial of service
BDU:2021-05207
Vulnerability in the sd_wp_addr component of QEMU, a program for emulating the hardware of other platforms, caused by a read beyond the permitted bounds of a data buffer, that allows an attacker to cause a denial of service
BDU:2021-05250
Vulnerability in the hw/net/e1000e_core.c component of the QEMU hardware emulator that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2020-10717
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
- GLSA-202011-09
- https://www.openwall.com/lists/oss-security/2020/05/04/1
Modified: 2024-11-21
CVE-2020-10761
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
- openSUSE-SU-2020:1108
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761
- GLSA-202011-09
- https://security.netapp.com/advisory/ntap-20200731-0001/
- USN-4467-1
- https://www.openwall.com/lists/oss-security/2020/06/09/1
Modified: 2024-11-21
CVE-2020-12829
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
Modified: 2024-11-21
CVE-2020-13253
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
- http://www.openwall.com/lists/oss-security/2020/05/27/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1838546
- [debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
- GLSA-202011-09
- USN-4467-1
Modified: 2024-11-21
CVE-2020-13361
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
- openSUSE-SU-2020:1108
- http://www.openwall.com/lists/oss-security/2020/05/28/1
- [debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html
- GLSA-202011-09
- https://security.netapp.com/advisory/ntap-20200608-0003/
- https://security-tracker.debian.org/tracker/CVE-2020-13361
- USN-4467-1
- DSA-4728
Modified: 2024-11-21
CVE-2020-13362
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
- openSUSE-SU-2020:1108
- http://www.openwall.com/lists/oss-security/2020/05/28/2
- [debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html
- GLSA-202011-09
- https://security.netapp.com/advisory/ntap-20200608-0003/
- https://security-tracker.debian.org/tracker/CVE-2020-13362
- USN-4467-1
- DSA-4728
Modified: 2024-11-21
CVE-2020-13754
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
- http://www.openwall.com/lists/oss-security/2020/06/01/6
- [oss-security] 20200615 Re: CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
- https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
- GLSA-202011-09
- https://security.netapp.com/advisory/ntap-20200608-0007/
- USN-4467-1
- DSA-4728
Modified: 2024-11-21
CVE-2020-13791
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
- https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html
- GLSA-202011-09
- https://security.netapp.com/advisory/ntap-20200717-0001/
- https://www.openwall.com/lists/oss-security/2020/06/04/1
Modified: 2024-11-21
CVE-2020-15469
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
- http://www.openwall.com/lists/oss-security/2020/07/02/1
- [debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
- https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html
Modified: 2024-11-21
CVE-2020-15863
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
- openSUSE-SU-2020:1664
- http://www.openwall.com/lists/oss-security/2020/07/22/1
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555
- https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html
- https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html
- GLSA-202208-27
- USN-4467-1
- DSA-4760
Modified: 2024-11-21
CVE-2020-16092
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
- openSUSE-SU-2020:1664
- http://www.openwall.com/lists/oss-security/2020/08/10/1
- [debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update
- https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html
- GLSA-202208-27
- https://security.netapp.com/advisory/ntap-20200821-0006/
- USN-4467-1
- DSA-4760
Modified: 2024-11-21
CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
- [oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085
- https://bugzilla.redhat.com/show_bug.cgi?id=1862167
- [debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update
- https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html
- https://security.netapp.com/advisory/ntap-20210312-0003/
Modified: 2024-11-21
CVE-2020-25084
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
- http://www.openwall.com/lists/oss-security/2020/09/16/5
- [debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
- https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
- https://security.netapp.com/advisory/ntap-20201009-0005/
Modified: 2024-11-21
CVE-2020-25085
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
- http://www.openwall.com/lists/oss-security/2020/09/16/6
- [oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085
- https://bugs.launchpad.net/qemu/+bug/1892960
- [debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
- https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
- https://security.netapp.com/advisory/ntap-20201009-0005/
Modified: 2024-11-21
CVE-2020-25624
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
- https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
- https://security.netapp.com/advisory/ntap-20201210-0005/
Modified: 2024-11-21
CVE-2020-25625
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
- http://www.openwall.com/lists/oss-security/2020/09/17/1
- [debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
- https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
- https://security.netapp.com/advisory/ntap-20201009-0005/
Modified: 2024-11-21
CVE-2020-25741
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
- http://www.openwall.com/lists/oss-security/2020/09/29/1
- https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05295.html
- https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
- https://security.netapp.com/advisory/ntap-20201009-0005/
Modified: 2024-11-21
CVE-2020-28916
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
- http://www.openwall.com/lists/oss-security/2020/12/01/2
- [debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update
- [debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update
- https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html
Closed bugs
Build and package static devel