Unrated severityNVD Advisory· Published Dec 31, 2020· Updated Aug 4, 2024
CVE-2020-11947
CVE-2020-11947
Description
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
Affected products
80- QEMU/QEMUdescription
- osv-coords79 versionspkg:rpm/almalinux/hivexpkg:rpm/almalinux/hivex-develpkg:rpm/almalinux/libguestfs-winsupportpkg:rpm/almalinux/libiscsipkg:rpm/almalinux/libiscsi-develpkg:rpm/almalinux/libiscsi-utilspkg:rpm/almalinux/libnbdpkg:rpm/almalinux/libnbd-develpkg:rpm/almalinux/libvirt-dbuspkg:rpm/almalinux/nbdfusepkg:rpm/almalinux/nbdkitpkg:rpm/almalinux/nbdkit-bash-completionpkg:rpm/almalinux/nbdkit-basic-filterspkg:rpm/almalinux/nbdkit-basic-pluginspkg:rpm/almalinux/nbdkit-curl-pluginpkg:rpm/almalinux/nbdkit-develpkg:rpm/almalinux/nbdkit-example-pluginspkg:rpm/almalinux/nbdkit-gzip-pluginpkg:rpm/almalinux/nbdkit-linuxdisk-pluginpkg:rpm/almalinux/nbdkit-python-pluginpkg:rpm/almalinux/nbdkit-serverpkg:rpm/almalinux/nbdkit-ssh-pluginpkg:rpm/almalinux/nbdkit-vddk-pluginpkg:rpm/almalinux/nbdkit-xz-filterpkg:rpm/almalinux/netcfpkg:rpm/almalinux/netcf-develpkg:rpm/almalinux/netcf-libspkg:rpm/almalinux/ocaml-hivexpkg:rpm/almalinux/ocaml-hivex-develpkg:rpm/almalinux/ocaml-libguestfspkg:rpm/almalinux/ocaml-libguestfs-develpkg:rpm/almalinux/ocaml-libnbdpkg:rpm/almalinux/ocaml-libnbd-develpkg:rpm/almalinux/perl-hivexpkg:rpm/almalinux/perl-Sys-Virtpkg:rpm/almalinux/python3-hivexpkg:rpm/almalinux/python3-libnbdpkg:rpm/almalinux/python3-libvirtpkg:rpm/almalinux/ruby-hivexpkg:rpm/almalinux/seabiospkg:rpm/almalinux/seabios-binpkg:rpm/almalinux/seavgabios-binpkg:rpm/almalinux/sgabiospkg:rpm/almalinux/sgabios-binpkg:rpm/almalinux/superminpkg:rpm/almalinux/supermin-develpkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/qemu&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/qemu&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1.3.18-20.module_el8.3.0+2048+e7a0a3ea+ 78 more
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 8.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1:1.40.2-27.module_el8.4.0+2358+630e803b.alma
- (no CPE)range: < 1:1.40.2-27.module_el8.4.0+2358+630e803b.alma
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 4.2.1-lp152.9.9.2
- (no CPE)range: < 4.2.1-lp152.9.9.3
- (no CPE)range: < 4.2.1-lp152.9.9.5
- (no CPE)range: < 1.4.2-53.41.1
- (no CPE)range: < 1.4.2-60.37.1
- (no CPE)range: < 2.9.1-6.47.1
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 2.11.2-9.43.1
- (no CPE)range: < 2.11.2-9.43.1
- (no CPE)range: < 4.2.1-11.13.1
- (no CPE)range: < 4.2.1-11.13.1
- (no CPE)range: < 2.6.2-41.62.1
- (no CPE)range: < 2.9.1-6.47.1
- (no CPE)range: < 2.9.1-6.47.1
- (no CPE)range: < 2.11.2-5.29.1
- (no CPE)range: < 3.1.1.1-48.2
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 2.11.2-9.43.1
- (no CPE)range: < 2.9.1-6.47.1
- (no CPE)range: < 2.11.2-5.29.1
- (no CPE)range: < 3.1.1.1-48.2
- (no CPE)range: < 2.11.2-9.43.1
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 3.1.1.1-9.24.3
- (no CPE)range: < 2.9.1-6.47.1
- (no CPE)range: < 2.11.2-5.29.1
- (no CPE)range: < 2.9.1-6.47.1
- (no CPE)range: < 2.11.2-5.29.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.openwall.com/lists/oss-security/2021/01/13/4mitremailing-listx_refsource_MLIST
- git.qemu.orgmitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210212-0001/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.