Vulnerabilities > CVE-2020-17380 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 6.3 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
local
low complexity
qemu
debian
CWE-787

Summary

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

Vulnerable Configurations

Part Description Count
Application
Qemu
328
OS
Debian
1

Common Weakness Enumeration (CWE)