Alpine: multiple qemu packages: security update to 5.1.0-r1

medium Tenable Cloud Security Plugin ID 406788

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It
could occur while doing a multi-block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in
hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host,
resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the
QEMU process on the host. (CVE-2020-17380)

- In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame
count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
(CVE-2020-13361)

- In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a
crafted reply_queue_head field from a guest OS user. (CVE-2020-13362)

- An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before
5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its
'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the
QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the
privileges of the QEMU process on the host. (CVE-2020-14364)

- hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This
occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or
process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or
potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
(CVE-2020-15863)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-13361

https://security.alpinelinux.org/vuln/CVE-2020-13362

https://security.alpinelinux.org/vuln/CVE-2020-14364

https://security.alpinelinux.org/vuln/CVE-2020-15863

https://security.alpinelinux.org/vuln/CVE-2020-16092

https://security.alpinelinux.org/vuln/CVE-2020-17380

https://security.alpinelinux.org/vuln/CVE-2020-25084

https://security.alpinelinux.org/vuln/CVE-2020-25085

https://security.alpinelinux.org/vuln/CVE-2020-25624

https://security.alpinelinux.org/vuln/CVE-2020-25625

https://security.alpinelinux.org/vuln/CVE-2020-25741

https://security.alpinelinux.org/vuln/CVE-2020-28916

Plugin Details

Severity: Medium

ID: 406788

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3.3

Percentile: 50.87

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-17380

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/28/2020

Reference Information

CVE: CVE-2020-13361, CVE-2020-13362, CVE-2020-14364, CVE-2020-15863, CVE-2020-16092, CVE-2020-17380, CVE-2020-25084, CVE-2020-25085, CVE-2020-25624, CVE-2020-25625, CVE-2020-25741, CVE-2020-28916

IAVB: 2020-B-0041-S, 2020-B-0063-S, 2020-B-0075-S