First published: Mon Apr 20 2020(Updated: )
A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of-bounds read access and possible information disclosure from the QEMU process memory to a malicious guest. The highest threat from this vulnerability is to data confidentiality.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | =4.1.0 | |
redhat/qemu | <5.0.0 | 5.0.0 |
debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.2.0+ds-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-11947 is low with a severity value of 3.8.
The affected software for CVE-2020-11947 is QEMU version up to exclusive 5.0.0.
The vulnerability reference for CVE-2020-11947 can be found at the following links: - https://www.cve.org/CVERecord?id=CVE-2020-11947 - https://nvd.nist.gov/vuln/detail/CVE-2020-11947 - https://www.openwall.com/lists/oss-security/2021/01/13/4 - https://bugzilla.redhat.com/show_bug.cgi?id=1912765 - https://access.redhat.com/errata/RHSA-2021:0648
The Common Weakness Enumeration (CWE) for CVE-2020-11947 includes CWE-119, CWE-131, and CWE-122.
To fix CVE-2020-11947, update your QEMU software to version 5.0.0 or higher.