CVE-2020-13361 - Out-of-bounds Write vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: HIGH
- Privileges required: HIGH
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: LOW
Summary
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html
- http://www.openwall.com/lists/oss-security/2020/05/28/1
- https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html
- https://security.gentoo.org/glsa/202011-09
- https://security.netapp.com/advisory/ntap-20200608-0003/
- https://security-tracker.debian.org/tracker/CVE-2020-13361
- https://usn.ubuntu.com/4467-1/
- https://www.debian.org/security/2020/dsa-4728