CVE-2020-15863

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-15863
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 3.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

4.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/07/22/1 Mailing List Patch Third Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html Mailing List Patch Third Party Advisory
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html Mailing List Patch Third Party Advisory
https://security.gentoo.org/glsa/202208-27 Third Party Advisory
https://usn.ubuntu.com/4467-1/ Third Party Advisory
https://www.debian.org/security/2020/dsa-4760 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/07/22/1 Mailing List Patch Third Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html Mailing List Patch Third Party Advisory
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html Mailing List Patch Third Party Advisory
https://security.gentoo.org/glsa/202208-27 Third Party Advisory
https://usn.ubuntu.com/4467-1/ Third Party Advisory
https://www.debian.org/security/2020/dsa-4760 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:5.1.0:rc0:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
History

No history.

Information

Published : 2020-07-28 16:15

Updated : 2024-11-21 05:06

NVD link : CVE-2020-15863

Mitre link : CVE-2020-15863

CVE.ORG link : CVE-2020-15863

JSON object : View

Products Affected

qemu

  • qemu

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
CWE-787

Out-of-bounds Write