CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
redhatCNA
7.7 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
qemuqemu
2.12.0 ≤
𝑥
< 4.2.1
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
debiandebian_linux
8.0
debiandebian_linux
9.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
noble
Fixed 1:4.2-3ubuntu1
released
mantic
Fixed 1:4.2-3ubuntu1
released
lunar
Fixed 1:4.2-3ubuntu1
released
kinetic
Fixed 1:4.2-3ubuntu1
released
jammy
Fixed 1:4.2-3ubuntu1
released
impish
Fixed 1:4.2-3ubuntu1
released
hirsute
Fixed 1:4.2-3ubuntu1
released
groovy
Fixed 1:4.2-3ubuntu1
released
focal
Fixed 1:4.2-3ubuntu1
released
eoan
Fixed 1:4.0+dfsg-0ubuntu9.4
released
bionic
Fixed 1:2.11+dfsg-1ubuntu7.23
released
xenial
Fixed 1:2.5+dfsg-5ubuntu10.43
released
trusty
needed
qemu-kvm
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://access.redhat.com/errata/RHSA-2020:0669
https://access.redhat.com/errata/RHSA-2020:0730
https://access.redhat.com/errata/RHSA-2020:0731
https://access.redhat.com/errata/RHSA-2020:0773
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711
https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
https://security.gentoo.org/glsa/202005-02
https://usn.ubuntu.com/4283-1/
https://www.openwall.com/lists/oss-security/2020/01/23/3
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://access.redhat.com/errata/RHSA-2020:0669
https://access.redhat.com/errata/RHSA-2020:0730
https://access.redhat.com/errata/RHSA-2020:0731
https://access.redhat.com/errata/RHSA-2020:0773
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711
https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
https://security.gentoo.org/glsa/202005-02
https://usn.ubuntu.com/4283-1/
https://www.openwall.com/lists/oss-security/2020/01/23/3