CVE-2020-24352

Summary

CVE	CVE-2020-24352
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-10-16 06:15:00 UTC
Updated	2021-07-21 11:39:00 UTC
Description	An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Risk And Classification

Problem Types: CWE-125 | CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Qemu	Qemu	5.0.0	rc0	All	All
Application	Qemu	Qemu	5.0.0	rc1	All	All
Application	Qemu	Qemu	5.0.0	rc0	All	All
Application	Qemu	Qemu	5.0.0	rc1	All	All
Application	Qemu	Qemu	All	All	All	All

References

Reference	Source	Link	Tags
1847584 – (CVE-2020-24352) CVE-2020-24352 QEMU: out-of-bounds read/write in ati-vga device emulation in ati_2d_blt()	MISC	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
git.qemu.org Git - qemu.git/summary	MISC	git.qemu.org	Vendor Advisory
CVE-2020-24352 QEMU Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

502353 Alpine Linux Security Update for qemu
900187 CBL-Mariner Linux Security Update for qemu-kvm 4.2.0
903532 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (3548)