CVE-2020-13361

low-risk

Published 2020-05-28

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.9/10 Low

LOCAL / HIGH complexity

Affected Products (8)

Qemu

Debian Linux

Leap

Ubuntu Linux

Affected Vendors

Debian Canonical Qemu Opensuse

References (20)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html

Mailing List http://www.openwall.com/lists/oss-security/2020/05/28/1

Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html

Patch https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html

Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2020-13361

Third Party Advisory https://security.gentoo.org/glsa/202011-09

Third Party Advisory https://security.netapp.com/advisory/ntap-20200608-0003/

Third Party Advisory https://usn.ubuntu.com/4467-1/

Third Party Advisory https://www.debian.org/security/2020/dsa-4728