CVE-2020-14415

low-risk
Published 2020-08-27

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (4)

Affected Vendors

Canonical Qemu

References (4)

https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7a4ede0047a8613b0e3b72c9d351038f...
Patch https://usn.ubuntu.com/4467-1/
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7a4ede0047a8613b0e3b72c9d351038f...
Patch https://usn.ubuntu.com/4467-1/
23
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 10/34 · Low