CVE-2020-11947
Summary
| CVE | CVE-2020-11947 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-31 01:15:00 UTC |
| Updated | 2023-11-07 03:15:00 UTC |
| Description | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. |
Risk And Classification
Problem Types: CWE-125
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.qemu.org Git - qemu.git/commit | git.qemu.org | ||
| git.qemu.org Git - qemu.git/commit | MISC | git.qemu.org | Patch, Vendor Advisory |
| oss-security - CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure | MLIST | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| CVE-2020-11947 QEMU Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159456 Oracle Enterprise Linux Security Update for virt:ol and virt-devel:rhel (ELSA-2021-1762)
- 174921 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1245-1)
- 174922 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1240-1)
- 174923 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1241-1)
- 174924 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1244-1)
- 174926 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1242-1)
- 239306 Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2021:1762)
- 352383 Amazon Linux Security Advisory for qemu: ALAS2-2021-1671
- 377413 Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0119)
- 750338 OpenSUSE Security Update for qemu (openSUSE-SU-2021:0363-1)
- 940118 AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2021:1762)
- 960265 Rocky Linux Security Update for virt:rhel and virt-devel:rhel (RLSA-2021:1762)