Vulnerability Name:

CVE-2020-17380 (CCN-194590)

Assigned:2020-07-30
Published:2020-07-30
Updated:2022-10-14
Summary:A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
CVSS v3 Severity:6.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
5.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-17380

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085

Source: CCN
Type: Red Hat Bugzilla – Bug 1862167
(CVE-2020-17380) - CVE-2020-17380 QEMU: heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1862167

Source: XF
Type: UNKNOWN
qemu-cve202017380-bo(194590)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update

Source: CCN
Type: qemu-devel Web site
[PATCH v1] sd: sdhci: assert data_count is within fifo_buffer

Source: CONFIRM
Type: Mailing List, Patch, Third Party Advisory
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210312-0003/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-17380

Vulnerable Configuration:Configuration 1:
  • cpe:/a:qemu:qemu:*:*:*:*:*:*:*:* (Version <= 5.0.0)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:qemu:qemu:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8034
    P
    		libpcp-devel-5.2.5-150400.5.3.11 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7791
    P
    		qemu-tools-7.1.0-150500.47.15 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:719
    P
    		Security update for gstreamer-plugins-good (Important)
    2022-08-31
    oval:org.opensuse.security:def:3620
    P
    		Security update for xen (Important)
    2022-07-06
    oval:org.opensuse.security:def:3187
    P
    		libidn-tools-1.28-5.6.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3518
    P
    		guile-2.0.9-9.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95148
    P
    		qemu-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94817
    P
    		qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:351
    P
    		qemu-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-10
    oval:org.opensuse.security:def:6053
    P
    		Security update for postgresql13 (Important)
    2022-05-25
    oval:org.opensuse.security:def:113318
    P
    		qemu-6.1.0-32.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106728
    P
    		qemu-6.1.0-32.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:111576
    P
    		Security update for qemu (Important)
    2021-07-11
    oval:org.opensuse.security:def:1611
    P
    		Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:73831
    P
    		Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:97059
    P
    		Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:69123
    P
    		Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:76210
    P
    		Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:101450
    P
    		Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:64709
    P
    		Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:67142
    P
    		Security update for qemu (Important)
    2021-06-10
    BACK
    qemu qemu *
    debian debian linux 9.0
    qemu qemu -