First published: Fri Feb 28 2020
An out-of-bounds read/write vulnerability was found in the function `sm501_2d_operation()` in `hw/display/sm501.c`. The OOB flaw is caused by an integer overflow in COPY_AREA when the `rtl` parameter is set to 1, and either `src_y` or `src_x` is less than `operation_height`. Please refer to the following duplicate bug for further details: https://bugzilla.redhat.com/show_bug.cgi?id=1786026. Upstream fix: https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
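The failure mode described above, modeled as an added example (not QEMU's code and not the upstream fix): `pixel_offset` shows how a right-to-left copy that starts on a row smaller than the operation height produces an offset before the buffer, and `rect_in_bounds` is one way to validate the rectangle before any pixel is touched. The struct, the function names, the 16-bit field widths and the sample values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one side (source or destination) of a 2D copy.
 * rtl, x, y and height mirror the advisory's rtl, src_x, src_y and
 * operation_height; the struct itself and the 16-bit widths are assumptions. */
struct copy_rect {
    uint16_t x, y;           /* starting pixel */
    uint16_t pitch;          /* pixels per row */
    uint16_t width, height;  /* size of the operation in pixels */
    uint8_t  bpp;            /* bytes per pixel */
    bool     rtl;            /* true: walk towards lower x and y */
};

/* Byte offset of the pixel at loop step (dx, dy), computed without checks.
 * A negative result lies before the start of the buffer. */
int64_t pixel_offset(const struct copy_rect *r, uint16_t dx, uint16_t dy)
{
    int64_t row = r->rtl ? (int64_t)r->y - dy : (int64_t)r->y + dy;
    int64_t col = r->rtl ? (int64_t)r->x - dx : (int64_t)r->x + dx;
    return (row * r->pitch + col) * r->bpp;
}

/* Validate the whole rectangle against buf_len bytes up front.
 * All arithmetic is 64-bit, so nothing wraps for 16-bit inputs. */
bool rect_in_bounds(const struct copy_rect *r, size_t buf_len)
{
    if (!r->width || !r->height || !r->bpp)
        return false;
    if (r->rtl && (r->x < r->width - 1 || r->y < r->height - 1))
        return false;   /* would step below row 0 or column 0 */

    /* Highest pixel touched: the start for rtl, the far corner otherwise. */
    uint64_t max_y = r->rtl ? r->y : (uint64_t)r->y + r->height - 1;
    uint64_t max_x = r->rtl ? r->x : (uint64_t)r->x + r->width - 1;
    uint64_t end = (max_y * r->pitch + max_x + 1) * r->bpp;
    return end <= buf_len;
}

int main(void)
{
    struct copy_rect r = {10, 2, 64, 4, 5, 2, true};  /* constructed: y < height */
    printf("last offset: %lld\n", (long long)pixel_offset(&r, 3, 4));
    printf("in bounds:   %d\n", rect_in_bounds(&r, 64 * 64 * 2));
    return 0;
}
```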
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | <=5.0.1 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =10.0 | |
debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.1.1+ds-2 1:9.1.1+ds-4 |
CVE-2020-12829 is a vulnerability in the SM501 display driver implementation in QEMU.
The severity of CVE-2020-12829 is low with a CVSS score of 3.8.
QEMU versions up to 5.0.0 are affected by CVE-2020-12829.
A local attacker can abuse CVE-2020-12829 to crash the QEMU process.
More information about CVE-2020-12829 can be found at the following references: [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1808510), [Ubuntu USN](https://usn.ubuntu.com/4467-1/), [Debian DSA](https://www.debian.org/security/2020/dsa-4760).