Vulnerability CVE-2020-13800

Vulnerability Name:

CVE-2020-13800 (CCN-182972)

Assigned:

2020-06-04

Published:

2020-06-04

Updated:

2022-04-28

Summary:

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

CVSS v3 Severity:

6.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-674

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-13800

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1108

Source: MISC
Type: Broken Link
https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800

Source: XF
Type: UNKNOWN
qemu-cve202013800-dos(182972)

Source: MISC
Type: Mailing List, Vendor Advisory
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html

Source: CCN
Type: qemu-devel Web site
[PATCH v2] ati-vga: check mm_index before recursive call

Source: CCN
Type: oss-sec Mailing List, Thu, 4 Jun 2020 11:21:42 +0530 (IST)
CVE-2020-13800 QEMU: ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS

Source: GENTOO
Type: Third Party Advisory
GLSA-202011-09

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200717-0001/

Source: UBUNTU
Type: Third Party Advisory
USN-4467-1

Source: CONFIRM
Type: Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/06/04/2

Vulnerable Configuration:

Configuration 1:

cpe:/a:qemu:qemu:4.2.0:-:*:*:*:*:*:*

Configuration 2:

cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 3:

cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:qemu:qemu:4.2.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202013800	V	CVE-2020-13800	2023-06-22
oval:org.opensuse.security:def:7791	P	qemu-tools-7.1.0-150500.47.15 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51941	P	Security update for curl (Important)	2022-10-26
oval:org.opensuse.security:def:618	P	Security update for python (Important) (in QA)	2022-10-06
oval:org.opensuse.security:def:3518	P	guile-2.0.9-9.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3297	P	logwatch-7.4.3-15.65 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3276	P	libvirglrenderer0-0.5.0-11.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3246	P	libquicktime0-1.2.4-14.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3235	P	libpng16-16-1.6.8-14.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3227	P	libotr5-4.0.0-9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3208	P	libmicrohttpd10-0.9.30-5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3194	P	libjbig2-2.0-12.13 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3187	P	libidn-tools-1.28-5.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3303	P	mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3300	P	mariadb-10.2.25-3.19.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3299	P	mailx-12.5-28.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3285	P	libwsman1-2.4.11-21.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3182	P	libgypsy0-0.9-6.22 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94817	P	qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95005	P	cross-nvptx-gcc7-7.5.0+r278197-4.30.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95148	P	qemu-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:296	P	qemu-tools-5.2.0-9.18 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:351	P	qemu-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:113318	P	qemu-6.1.0-32.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:70571	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:67355	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:64820	P	Security update for python-pip (Moderate)	2021-12-13
oval:org.opensuse.security:def:66996	P	Security update for webkit2gtk3 (Important)	2021-12-02
oval:org.opensuse.security:def:4233	P	Security update for openexr (Moderate)	2021-12-01
oval:org.opensuse.security:def:1225	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:73906	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:106728	P	qemu-6.1.0-32.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:4156	P	Security update for gd (Moderate)	2021-09-27
oval:org.opensuse.security:def:63215	P	libmysqld-devel-10.2.22-3.14.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64762	P	Security update for apache2 (Important)	2021-09-03
oval:org.opensuse.security:def:4215	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:51647	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:66904	P	Security update for dbus-1 (Moderate)	2021-08-23
oval:org.opensuse.security:def:101718	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:70463	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:64553	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:48348	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48349	P	xorg-x11-server-1.19.6-8.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:101394	P	qemu-5.2.0-9.18 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:67215	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:63508	P	pidgin-plugin-otr-4.0.2-1.61 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2279	P	qemu-5.2.0-9.18 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63368	P	qemu-5.2.0-9.18 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101082	P	sharutils-4.15.2-2.21 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72055	P	qemu-tools-5.2.0-9.18 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63009	P	go1.14-1.14.15-1.35.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63005	P	dpkg-1.19.0.4-2.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63012	P	graphviz-perl-2.40.1-6.6.8 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62314	P	qemu-tools-5.2.0-9.18 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63037	P	perl-YAML-LibYAML-0.69-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101072	P	qemu-tools-5.2.0-9.18 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:64552	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:4140	P	Security update for MozillaFirefox (Important)	2021-07-19
oval:org.opensuse.security:def:70247	P	Security update for dovecot23 (Important)	2021-06-22
oval:org.opensuse.security:def:51907	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:48912	P	icu-52.1-8.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48819	P	typelib-1_0-EvinceDocument-3_0-3.20.1-5.66 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48682	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48486	P	libdcerpc-atsvc0-4.2.4-26.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48364	P	ant-1.9.4-1.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:67120	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:4128	P	Security update for libass (Moderate)	2021-05-20
oval:org.opensuse.security:def:4271	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:94369	P	(Moderate)	2021-04-20
oval:org.opensuse.security:def:73785	P	Security update for openldap2 (Important)	2021-03-08
oval:org.opensuse.security:def:64660	P	Security update for bind (Important)	2021-03-02
oval:org.opensuse.security:def:52016	P	Security update for python-cryptography (Important)	2021-03-02
oval:org.opensuse.security:def:70352	P	Security update for nodejs10 (Important)	2021-03-02
oval:org.opensuse.security:def:70804	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:73687	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:51749	P	Security update for MozillaFirefox (Important)	2021-01-12
oval:org.opensuse.security:def:73569	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:1833	P	perl-YAML-LibYAML-0.59-1.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1832	P	perl-Tk-devel-804.034-1.44 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1858	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4035	P	libpoppler-cpp0-0.43.0-16.15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3941	P	libXinerama-devel-1.1.3-3.54 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2500	P	libproxy1-config-gnome3-0.4.15-2.42 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4097	P	nautilus-devel-3.20.3-23.12.10 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1854	P	crash-7.2.8-16.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4055	P	libspice-server-devel-0.12.8-12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4043	P	libraptor-devel-2.0.10-3.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1831	P	perl-PerlMagick-7.0.7.34-3.54.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3954	P	libapr-util1-1.5.3-2.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1857	P	cvs-1.12.12-2.30 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1852	P	checkbashisms-2.15.1-1.49 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1845	P	binutils-devel-32bit-2.32-7.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1842	P	ant-1.10.7-2.79 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1841	P	FastCGI-2.4.0-2.23 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2496	P	libmwaw-0_3-3-0.3.14-4.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1836	P	rpm-build-4.14.1-10.16.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4930	P	Security update for qemu (Important)	2020-12-02
oval:org.opensuse.security:def:4264	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4257	P	Security update for the Linux Kernel (Live Patch 4 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4909	P	Security update for postgresql12 (Important)	2020-12-02
oval:org.opensuse.security:def:4267	P	Security update for the Linux Kernel (Live Patch 6 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:50464	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:49531	P	libSDL-1_2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50305	P	Security update for pango (Moderate)	2020-12-01
oval:org.opensuse.security:def:70692	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:50552	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:50205	P	libvncclient0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52324	P	Security update for libsolv, libzypp, zypper (Moderate)	2020-12-01
oval:org.opensuse.security:def:50054	P	dhcp-relay on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49847	P	log4j12-javadoc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49719	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74139	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:49700	P	libtiff5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51835	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:51048	P	Security update for runc (Moderate)	2020-12-01
oval:org.opensuse.security:def:51374	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:50974	P	Security update for conmon, fuse-overlayfs, libcontainers-common, podman (Moderate)	2020-12-01
oval:org.opensuse.security:def:50936	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:51210	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:49500	P	accountsservice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:75007	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:51106	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:53292	P	Security update for mozilla-nspr, mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:50943	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:49370	P	zypper on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50708	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50575	P	Security update for libvpx (Important)	2020-12-01
oval:org.opensuse.security:def:50553	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:64416	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52386	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:64087	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:50942	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:63858	P	Security update for python-numpy (Important)	2020-12-01
oval:org.opensuse.security:def:49435	P	libexiv2-26 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63711	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50801	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:74014	P	Security update for java-1_8_0-openj9 (Important)	2020-12-01
oval:org.opensuse.security:def:49284	P	openvpn on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67454	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:49063	P	c-ares-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49699	P	libthai0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50879	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:74874	P	Security update for file (Moderate)	2020-12-01
oval:org.opensuse.security:def:64932	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:53361	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:50875	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:49603	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:110702	P	Security update for qemu (Important)	2020-07-28
oval:org.opensuse.security:def:118448	P	Security update for qemu (Important)	2020-07-23
oval:org.opensuse.security:def:109352	P	Security update for qemu (Important)	2020-07-23
oval:org.opensuse.security:def:75614	P	Security update for qemu (Important)	2020-07-23
oval:org.opensuse.security:def:102686	P	Security update for qemu (Important)	2020-07-23
oval:org.opensuse.security:def:107748	P	Security update for qemu (Important)	2020-07-23
oval:org.opensuse.security:def:95996	P	Security update for qemu (Important)	2020-07-23
oval:org.opensuse.security:def:117263	P	Security update for qemu (Important)	2020-07-23
oval:org.opensuse.security:def:108384	P	Security update for qemu (Important)	2020-07-23

BACK