Vulnerabilities > CVE-2020-13361 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 3.9 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
LOW

Summary

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

Vulnerable Configurations

Part Description Count
Application
Qemu
322
OS
Debian
3
OS
Opensuse
1
OS
Canonical
3

Common Weakness Enumeration (CWE)