Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <nycvar.YSQ.7.77.849.2006040049200.62159@xnncv>
Date: Thu, 4 Jun 2020 00:51:24 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE-2020-13765 QEMU: loader: OOB access while loading registered
 ROM may lead to code execution

   Hello,

An out-of-bound write access flaw was found in the way QEMU loads ROM contents 
at boot time. This flaw occurs in the rom_copy() routine while loading the 
contents of a 32-bit -kernel image into memory. Running an untrusted -kernel 
image may load contents at arbitrary memory locations, potentially leading to 
code execution with the privileges of the QEMU process.

Upstream patch:
---------------
   -> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319

Reference:
----------
   -> https://bugs.launchpad.net/qemu/+bug/1844635

'CVE-2020-13765' requested via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.