CVE-2020-27821
Summary
| CVE | CVE-2020-27821 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-08 22:15:00 UTC |
| Updated | 2023-11-07 03:21:00 UTC |
| Description | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1902651 – (CVE-2020-27821) CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c | MISC | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| CVE-2020-27821 QEMU Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] [DLA 3099-1] qemu security update | MLIST | lists.debian.org | |
| oss-security - CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c | MLIST | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159250 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9285)
- 159456 Oracle Enterprise Linux Security Update for virt:ol and virt-devel:rhel (ELSA-2021-1762)
- 159566 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2021-9568)
- 174920 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1243-1)
- 174921 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1245-1)
- 174926 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1242-1)
- 180995 Debian Security Update for qemu (DLA 3099-1)
- 239306 Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2021:1762)
- 352383 Amazon Linux Security Advisory for qemu: ALAS2-2021-1671
- 377413 Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0119)
- 502353 Alpine Linux Security Update for qemu
- 671198 EulerOS Security Update for qemu (EulerOS-SA-2022-1034)
- 671203 EulerOS Security Update for qemu (EulerOS-SA-2022-1014)
- 750149 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1942-1)
- 750251 OpenSUSE Security Update for qemu (openSUSE-SU-2021:0600-1)
- 750771 OpenSUSE Security Update for qemu (openSUSE-SU-2021:1942-1)
- 900219 CBL-Mariner Linux Security Update for qemu-kvm 4.2.0
- 903447 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (3660)
- 940118 AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2021:1762)
- 960265 Rocky Linux Security Update for virt:rhel and virt-devel:rhel (RLSA-2021:1762)