CVE-2020-14364

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html

https://bugzilla.redhat.com/show_bug.cgi?id=1869201

https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/

https://lists.fedoraproject.org/archives/list/[email protected]/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/

https://security.gentoo.org/glsa/202009-14

https://security.gentoo.org/glsa/202011-09

https://security.netapp.com/advisory/ntap-20200924-0006/

https://usn.ubuntu.com/4511-1/

https://www.debian.org/security/2020/dsa-4760

https://www.openwall.com/lists/oss-security/2020/08/24/2

https://www.openwall.com/lists/oss-security/2020/08/24/3

Details

Source: MITRE

Published: 2020-08-31

Updated: 2020-11-11

Type: CWE-787

Risk Information

CVSS v2

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 5

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Impact Score: 3.7

Exploitability Score: 0.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

Tenable Plugins

View all (76 total)

IDNameProductFamilySeverity
151714openSUSE 15 Security Update : qemu (openSUSE-SU-2021:1942-1)NessusSuSE Local Security Checks
medium
151619openSUSE 15 Security Update : qemu (openSUSE-SU-2021:1043-1)NessusSuSE Local Security Checks
medium
151460F5 Networks BIG-IP : QEMU vulnerability (K09081535)NessusF5 Networks Local Security Checks
medium
151383EulerOS Virtualization 3.0.2.2 : qemu-kvm (EulerOS-SA-2021-2166)NessusHuawei Local Security Checks
critical
150736SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:1942-1)NessusSuSE Local Security Checks
medium
150733SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1947-1)NessusSuSE Local Security Checks
medium
150542SUSE SLES11 Security Update : xen (SUSE-SU-2020:14521-1)NessusSuSE Local Security Checks
medium
150537SUSE SLES11 Security Update : kvm (SUSE-SU-2021:14704-1)NessusSuSE Local Security Checks
high
150468SUSE SLES15 Security Update : qemu (SUSE-SU-2021:1918-1)NessusSuSE Local Security Checks
high
150414SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:1893-1)NessusSuSE Local Security Checks
high
150399SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1894-1)NessusSuSE Local Security Checks
high
150395SUSE SLES15 Security Update : qemu (SUSE-SU-2021:1895-1)NessusSuSE Local Security Checks
high
150220SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1837-1)NessusSuSE Local Security Checks
medium
150203SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1829-1)NessusSuSE Local Security Checks
medium
148966SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1305-1)NessusSuSE Local Security Checks
high
148761SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1241-1)NessusSuSE Local Security Checks
high
148758SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1240-1)NessusSuSE Local Security Checks
high
148757SUSE SLES15 Security Update : qemu (SUSE-SU-2021:1244-1)NessusSuSE Local Security Checks
high
148752SUSE SLES15 Security Update : qemu (SUSE-SU-2021:1245-1)NessusSuSE Local Security Checks
high
148632EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1763)NessusHuawei Local Security Checks
medium
148583EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2021-1735)NessusHuawei Local Security Checks
medium
147490EulerOS Virtualization 3.0.6.6 : qemu (EulerOS-SA-2021-1455)NessusHuawei Local Security Checks
medium
147408NewStart CGSL MAIN 4.06 : qemu-kvm Multiple Vulnerabilities (NS-SA-2021-0004)NessusNewStart CGSL Local Security Checks
medium
146269Oracle Linux 7 : qemu (ELSA-2021-9034)NessusOracle Linux Local Security Checks
medium
145837CentOS 8 : virt:rhel (CESA-2020:4059)NessusCentOS Local Security Checks
medium
144829EulerOS Virtualization 3.0.2.6 : qemu (EulerOS-SA-2021-1057)NessusHuawei Local Security Checks
critical
144525Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2020-4056)NessusVirtuozzo Local Security Checks
medium
143873SUSE SLES12 Security Update : xen (SUSE-SU-2020:2787-1)NessusSuSE Local Security Checks
medium
143853SUSE SLES12 Security Update : xen (SUSE-SU-2020:2788-1)NessusSuSE Local Security Checks
medium
143815SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2020:2877-1)NessusSuSE Local Security Checks
medium
143810SUSE SLES12 Security Update : qemu (SUSE-SU-2020:2743-1)NessusSuSE Local Security Checks
medium
143805SUSE SLES12 Security Update : xen (SUSE-SU-2020:2822-1)NessusSuSE Local Security Checks
medium
143685SUSE SLES12 Security Update : xen (SUSE-SU-2020:2786-1)NessusSuSE Local Security Checks
medium
143069RHEL 7 : qemu-kvm (RHSA-2020:4079)NessusRed Hat Local Security Checks
medium
143028RHEL 7 : qemu-kvm (RHSA-2020:4048)NessusRed Hat Local Security Checks
medium
143026RHEL 7 : qemu-kvm (RHSA-2020:4053)NessusRed Hat Local Security Checks
medium
143025RHEL 7 : qemu-kvm (RHSA-2020:4052)NessusRed Hat Local Security Checks
medium
143024RHEL 7 : qemu-kvm-ma (RHSA-2020:4047)NessusRed Hat Local Security Checks
medium
143014RHEL 7 : qemu-kvm (RHSA-2020:4050)NessusRed Hat Local Security Checks
medium
143007RHEL 6 : qemu-kvm (RHSA-2020:4054)NessusRed Hat Local Security Checks
medium
142974Amazon Linux AMI : qemu-img (ALAS-2020-1449)NessusAmazon Linux Local Security Checks
high
142843GLSA-202011-09 : QEMU: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
142726Amazon Linux 2 : ivshmem-tools (ALAS-2020-1562)NessusAmazon Linux Local Security Checks
medium
142647CentOS 6 : qemu-kvm (CESA-2020:4056)NessusCentOS Local Security Checks
medium
142608CentOS 7 : qemu-kvm (CESA-2020:4079)NessusCentOS Local Security Checks
medium
142284EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2020-2392)NessusHuawei Local Security Checks
high
141774RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2020:4291)NessusRed Hat Local Security Checks
medium
141767Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
medium
141627RHEL 8 : virt:8.1 and virt-devel:8.1 (RHSA-2020:4290)NessusRed Hat Local Security Checks
medium
141409openSUSE Security Update : qemu (openSUSE-2020-1664)NessusSuSE Local Security Checks
medium
141313Oracle Linux 7 : qemu-kvm (ELSA-2020-4079)NessusOracle Linux Local Security Checks
medium
141306RHEL 6 : qemu-kvm (RHSA-2020:4056)NessusRed Hat Local Security Checks
medium
141184RHEL 7 : qemu-kvm-rhev (RHSA-2020:4176)NessusRed Hat Local Security Checks
medium
141175RHEL 8 : Red Hat Virtualization (RHSA-2020:4172)NessusRed Hat Local Security Checks
high
141174RHEL 7 : qemu-kvm-rhev (RHSA-2020:4167)NessusRed Hat Local Security Checks
medium
141129RHEL 7 : qemu-kvm-ma (RHSA-2020:4162)NessusRed Hat Local Security Checks
medium
141128RHEL 8 : virt:rhel (RHSA-2020:4058)NessusRed Hat Local Security Checks
medium
141120Oracle Linux 8 : virt:ol (ELSA-2020-4059)NessusOracle Linux Local Security Checks
medium
141087RHEL 7 : redhat-release-virtualization-host and redhat-virtualization-host (RHSA-2020:4115)NessusRed Hat Local Security Checks
high
141064GLSA-202009-14 : Xen: Buffer overflowNessusGentoo Local Security Checks
medium
141053Oracle Linux 6 : qemu-kvm (ELSA-2020-4056)NessusOracle Linux Local Security Checks
medium
141049RHEL 7 : qemu-kvm-ma (RHSA-2020:4078)NessusRed Hat Local Security Checks
medium
141046RHEL 8 : virt:rhel (RHSA-2020:4059)NessusRed Hat Local Security Checks
medium
141045RHEL 8 : virt:rhel (RHSA-2020:4049)NessusRed Hat Local Security Checks
medium
141034RHEL 6 : qemu-kvm (RHSA-2020:4055)NessusRed Hat Local Security Checks
medium
141011RHEL 7 : qemu-kvm (RHSA-2020:4051)NessusRed Hat Local Security Checks
medium
141005EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-2157)NessusHuawei Local Security Checks
medium
140864EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-2097)NessusHuawei Local Security Checks
high
140637Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : QEMU vulnerability (USN-4511-1)NessusUbuntu Local Security Checks
medium
140541Debian DLA-2373-1 : qemu security updateNessusDebian Local Security Checks
medium
140506Fedora 31 : xen (2020-3689b67b53)NessusFedora Local Security Checks
medium
140317EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1947)NessusHuawei Local Security Checks
medium
140301Debian DSA-4760-1 : qemu - security updateNessusDebian Local Security Checks
medium
140019OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre)NessusOracleVM Local Security Checks
critical
140018OracleVM 3.4 : xen (OVMSA-2020-0038)NessusOracleVM Local Security Checks
medium
140017EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1914)NessusHuawei Local Security Checks
medium