Vulnerabilities > CVE-2020-15859 - Use After Free vulnerability in multiple products

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

qemu

debian

CWE-416

NVD

Published: 2020-07-21

Updated: 2022-09-23

Summary

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 4.2.0	1
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html
https://www.openwall.com/lists/oss-security/2020/07/21/3
https://bugs.launchpad.net/qemu/+bug/1886362
https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
https://security.gentoo.org/glsa/202208-27
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html