Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU incorrectly handled iSCSI server responses. A remote attacker in control of the iSCSI server could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2020-1711)
It was discovered that the QEMU libslirp component incorrectly handled memory. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-7039, CVE-2020-8608)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-block-extra" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-guest-agent" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-kvm" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-aarch64" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-arm" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-common" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-mips" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-misc" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-ppc" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-s390x" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-sparc" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-system-x86" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-user" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-user-binfmt" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-user-static" }, { "binary_version": "1:2.5+dfsg-5ubuntu10.43", "binary_name": "qemu-utils" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:16.04:LTS", "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2020-1711" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2020-7039" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2020-8608" } ] } }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-block-extra" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-guest-agent" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-kvm" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system-arm" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system-common" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system-mips" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system-misc" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system-ppc" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system-s390x" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system-sparc" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-system-x86" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-user" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-user-binfmt" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-user-static" }, { "binary_version": "1:2.11+dfsg-1ubuntu7.23", "binary_name": "qemu-utils" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:18.04:LTS", "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2020-1711" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2020-7039" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2020-8608" } ] } }