Vulnerabilities > CVE-2020-27821 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 6.0 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
qemu
debian
CWE-787
NVD
Published: 2020-12-08
Updated: 2023-11-07

Summary

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.

Vulnerable Configurations

Part Description Count
Application
Qemu
341
OS
Debian
1

Common Weakness Enumeration (CWE)

References