Vulnerability Name:

CVE-2020-11869 (CCN-180710)

Assigned:2020-04-24
Published:2020-04-24
Updated:2020-05-28
Summary:An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
CVSS v3 Severity:3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-190
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-11869

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/04/24/2

Source: XF
Type: UNKNOWN
qemu-cve202011869-dos(180710)

Source: CCN
Type: qemu GIT Repository
ati-vga: Fix checks in ati_2d_blt() to avoid crash

Source: CONFIRM
Type: Mailing List, Patch, Vendor Advisory
https://git.qemu.org/?p=qemu.git;a=commit;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7

Source: CCN
Type: oss-sec Mailing List, Fri, 24 Apr 2020 16:43:45 +0200
CVE-2020-11869 qemu: integer overflow in ati_2d_blt() in hw/display/ati-2d.c could lead to DoS

Source: UBUNTU
Type: UNKNOWN
USN-4372-1

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-11869

Vulnerable Configuration:Configuration 1:
  • cpe:/a:qemu:qemu:*:*:*:*:*:*:*:* (Version >= 4.0.1 and <= 4.2.0)

    • Configuration CCN 1:
  • cpe:/a:qemu:qemu:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202011869
    V
    		CVE-2020-11869
    2023-06-22
    oval:org.opensuse.security:def:7791
    P
    		qemu-tools-7.1.0-150500.47.15 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:618
    P
    		Security update for python (Important) (in QA)
    2022-10-06
    oval:org.opensuse.security:def:3187
    P
    		libidn-tools-1.28-5.6.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3518
    P
    		guile-2.0.9-9.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95148
    P
    		qemu-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94817
    P
    		qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:296
    P
    		qemu-tools-5.2.0-9.18 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:351
    P
    		qemu-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-10
    oval:org.opensuse.security:def:94238
    P
    		 (Important)
    2022-05-17
    oval:org.opensuse.security:def:880
    P
    		Security update for tar (Moderate)
    2022-05-05
    oval:org.opensuse.security:def:113318
    P
    		qemu-6.1.0-32.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:1651
    P
    		Security update for openssh (Important)
    2021-12-22
    oval:org.opensuse.security:def:69972
    P
    		Security update for xorg-x11-server (Important)
    2021-12-14
    oval:org.opensuse.security:def:1225
    P
    		Security update for java-1_8_0-openjdk (Important)
    2021-11-23
    oval:org.opensuse.security:def:106728
    P
    		qemu-6.1.0-32.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:66907
    P
    		Security update for openssl-1_1 (Important)
    2021-08-24
    oval:org.opensuse.security:def:100649
    P
    		 (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:2279
    P
    		qemu-5.2.0-9.18 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:101394
    P
    		qemu-5.2.0-9.18 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63368
    P
    		qemu-5.2.0-9.18 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:101072
    P
    		qemu-tools-5.2.0-9.18 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62314
    P
    		qemu-tools-5.2.0-9.18 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72055
    P
    		qemu-tools-5.2.0-9.18 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100951
    P
    		libpango-1_0-0-1.44.7+11-1.25 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:70263
    P
    		Security update for linuxptp (Important)
    2021-07-27
    oval:org.opensuse.security:def:69867
    P
    		Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:66815
    P
    		Security update for the Linux Kernel (Important)
    2021-06-08
    oval:org.opensuse.security:def:73598
    P
    		Security update for sudo (Important)
    2021-04-20
    oval:org.opensuse.security:def:93936
    P
    		 (Moderate)
    2020-12-10
    oval:org.opensuse.security:def:107315
    P
    		qemu-tools-4.2.0-9.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:107617
    P
    		qemu-4.2.0-9.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:71710
    P
    		qemu-tools-4.2.0-9.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:116873
    P
    		qemu-tools-4.2.0-9.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63296
    P
    		qemu-4.2.0-9.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:117175
    P
    		qemu-4.2.0-9.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2207
    P
    		qemu-4.2.0-9.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61969
    P
    		qemu-tools-4.2.0-9.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:50092
    P
    		qemu on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66524
    P
    		libseccomp-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73189
    P
    		libnm0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73307
    P
    		qemu-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66616
    P
    		qemu-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73480
    P
    		FastCGI on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49267
    P
    		libykcs11-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49321
    P
    		qemu-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50038
    P
    		subversion-server on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:70158
    P
    		crash on GA media (Moderate)
    2020-12-01
    BACK
    qemu qemu *
    qemu qemu -