Unrated severityNVD Advisory· Published Oct 16, 2020· Updated Aug 4, 2024
CVE-2020-24352
CVE-2020-24352
Description
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
Affected products
6- QEMU/QEMUdescription
- osv-coords5 versionspkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2
< 4.2.1-lp152.9.6.1+ 4 more
- (no CPE)range: < 4.2.1-lp152.9.6.1
- (no CPE)range: < 4.2.1-lp152.9.6.1
- (no CPE)range: < 4.2.1-lp152.9.6.1
- (no CPE)range: < 4.2.1-11.10.1
- (no CPE)range: < 4.2.1-11.10.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20201123-0003/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.