Vulnerability CVE-2020-24352

Vulnerability Name:

CVE-2020-24352 (CCN-189954)

Assigned:

2020-06-16

Published:

2020-06-16

Updated:

2021-07-21

Summary:

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-24352

Source: CCN
Type: Red Hat Bugzilla Bug 1847584
(CVE-2020-24352) - CVE-2020-24352 QEMU: out-of-bounds read/write in ati-vga device emulation in ati_2d_blt()

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1847584

Source: XF
Type: UNKNOWN
qemu-cve202024352-dos(189954)

Source: MISC
Type: Vendor Advisory
https://git.qemu.org/?p=qemu.git

Source: CCN
Type: qemu-devel Web site
qemu/qemu: Official QEMU mirror - GitHub

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20201123-0003/

Vulnerable Configuration:

Configuration 1:

cpe:/a:qemu:qemu:*:*:*:*:*:*:*:* (Version <= 4.2.1)

OR cpe:/a:qemu:qemu:5.0.0:rc0:*:*:*:*:*:*

OR cpe:/a:qemu:qemu:5.0.0:rc1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:qemu:qemu:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202024352	V	CVE-2020-24352	2023-06-22
oval:org.opensuse.security:def:7791	P	qemu-tools-7.1.0-150500.47.15 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51953	P	Security update for systemd (Moderate)	2022-11-15
oval:org.opensuse.security:def:618	P	Security update for python (Important) (in QA)	2022-10-06
oval:org.opensuse.security:def:3518	P	guile-2.0.9-9.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3375	P	sysconfig-0.84.0-13.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3361	P	sane-backends-1.0.24-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3352	P	res-signingkeys-3.0.42-52.38.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3322	P	pcsc-ccid-1.4.25-4.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3311	P	openvpn-2.3.8-16.20.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3303	P	mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3284	P	libwireshark9-2.4.16-48.51.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3270	P	libu2f-host0-1.1.6-3.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3263	P	libsystemd0-228-155.21 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3373	P	sudo-1.8.27-2.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3379	P	sysvinit-tools-2.88+-101.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3376	P	syslog-service-2.0-778.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3187	P	libidn-tools-1.28-5.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3258	P	libspice-server1-0.12.8-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95081	P	cloud-init-21.4-150100.8.58.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94817	P	qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95148	P	qemu-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:296	P	qemu-tools-5.2.0-9.18 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:351	P	qemu-6.2.0-150400.35.10 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:67367	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:94415	P	(Moderate)	2021-12-06
oval:org.opensuse.security:def:1225	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:4168	P	Security update for MozillaFirefox (Important)	2021-11-19
oval:org.opensuse.security:def:73733	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:4227	P	Security update for flatpak (Important)	2021-10-20
oval:org.opensuse.security:def:67291	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:66950	P	Security update for the Linux Kernel (Important)	2021-10-15
oval:org.opensuse.security:def:51659	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:4152	P	Security update for wireshark (Moderate)	2021-09-13
oval:org.opensuse.security:def:70293	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:64758	P	Security update for libesmtp (Important)	2021-09-03
oval:org.opensuse.security:def:4279	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:2279	P	qemu-5.2.0-9.18 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63368	P	qemu-5.2.0-9.18 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63313	P	389-ds-1.4.4.14~git0.37dc95673-1.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101394	P	qemu-5.2.0-9.18 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:1903	P	blktrace-1.1.0+git.20170126-3.3.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62314	P	qemu-tools-5.2.0-9.18 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1904	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101072	P	qemu-tools-5.2.0-9.18 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101128	P	docker-19.03.15_ce-6.46.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72055	P	qemu-tools-5.2.0-9.18 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1900	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1898	P	FastCGI-2.4.0-2.23 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:73861	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:101794	P	Security update for git (Moderate)	2021-07-29
oval:org.opensuse.security:def:67196	P	Security update for MozillaThunderbird (Important)	2021-07-22
oval:org.opensuse.security:def:4140	P	Security update for MozillaFirefox (Important)	2021-07-19
oval:org.opensuse.security:def:51919	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:4276	P	Security update for csync2 (Moderate)	2021-06-10
oval:org.opensuse.security:def:63103	P	kernel-default-livepatch-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48394	P	cups-filters-1.0.58-13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48958	P	libzzip-0-13-0.13.67-10.14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48865	P	libplist++3-1.12-19.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48728	P	kernel-default-extra-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48532	P	libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48410	P	elfutils-0.158-6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48395	P	cups-pk-helper-0.2.5-3.72 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64514	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:70816	P	Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)	2021-06-01
oval:org.opensuse.security:def:70398	P	Security update for the Linux Kernel (Important)	2021-05-18
oval:org.opensuse.security:def:73615	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:4269	P	Security update for the Linux Kernel (Important)	2021-04-15
oval:org.opensuse.security:def:51761	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:52028	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:70539	P	Security update for python-Jinja2 (Important)	2021-02-26
oval:org.opensuse.security:def:67042	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:64651	P	Security update for webkit2gtk3 (Important)	2021-02-22
oval:org.opensuse.security:def:64650	P	Security update for python3 (Moderate)	2021-02-19
oval:org.opensuse.security:def:4283	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:4047	P	Security update for gdm (Important)	2020-12-14
oval:org.opensuse.security:def:1879	P	ocaml-4.05.0-13.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4030	P	libpcscspy0-1.8.10-7.6.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1878	P	ncurses-devel-32bit-6.1-5.6.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2542	P	libpoppler73-0.62.0-2.33 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63107	P	apache2-mod_wsgi-4.5.18-2.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4245	P	typelib-1_0-Gtk-2_0-2.24.31-9.6.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4017	P	libnettle-devel-2.7.1-12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4109	P	pam-devel-1.1.8-24.27.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4067	P	libtool-2.4.2-17.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4055	P	libspice-server-devel-0.12.8-12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63110	P	rmt-server-pubcloud-1.2.2-1.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1877	P	nasm-2.13.02-1.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63606	P	NetworkManager-lang-1.22.6-1.36 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2546	P	libraw-devel-0.18.9-3.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63135	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1891	P	perl-solv-0.7.14-1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1888	P	perl-PerlMagick-7.0.7.34-8.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1887	P	perl-Net-Libproxy-0.4.15-2.42 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1882	P	pam-devel-32bit-1.3.0-6.16.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4942	P	Security update for qemu (Important)	2020-12-02
oval:org.opensuse.security:def:4921	P	Security update for skopeo (Moderate)	2020-12-02
oval:org.opensuse.security:def:50540	P	Security update for libqt5-qtsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:50381	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:50564	P	Security update for wget (Important)	2020-12-01
oval:org.opensuse.security:def:50281	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50925	P	Security update for unbound (Important)	2020-12-01
oval:org.opensuse.security:def:50130	P	nodejs10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74972	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:49923	P	python2-paramiko on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65030	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:53373	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:49795	P	openldap2-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73982	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:49776	P	cargo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50951	P	Security update for postgresql12 (Important)	2020-12-01
oval:org.opensuse.security:def:49649	P	libSoundTouch0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51386	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:49577	P	libsoup-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51222	P	Security update for SDL2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:70704	P	Security update for slurm (Important)	2020-12-01
oval:org.opensuse.security:def:51118	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:52400	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:50955	P	Security update for gettext-runtime (Moderate)	2020-12-01
oval:org.opensuse.security:def:50720	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:50587	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:64918	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:74151	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:50565	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:51847	P	Security update for libvpx (Important)	2020-12-01
oval:org.opensuse.security:def:51124	P	Security update for NetworkManager (Moderate)	2020-12-01
oval:org.opensuse.security:def:70647	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:51050	P	Security update for slirp4netns (Important)	2020-12-01
oval:org.opensuse.security:def:50982	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:64185	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:49546	P	libexif-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:75105	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:63956	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:53304	P	Security update for freetds (Moderate)	2020-12-01
oval:org.opensuse.security:def:63809	P	Security update for accountsservice (Moderate)	2020-12-01
oval:org.opensuse.security:def:49416	P	ibus-chewing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49330	P	sharutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49109	P	graphite2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64860	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:49775	P	build on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52462	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:51018	P	Security update for postgresql12 (Important)	2020-12-01
oval:org.opensuse.security:def:49481	P	perl-MIME-Charset on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50877	P	Security update for python-setuptools (Important)	2020-12-01
oval:org.opensuse.security:def:74026	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:50784	P	Security update for targetcli-fb (Moderate)	2020-12-01
oval:org.opensuse.security:def:67466	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:110800	P	Security update for qemu (Important)	2020-10-13
oval:org.opensuse.security:def:75690	P	Security update for qemu (Important)	2020-10-07
oval:org.opensuse.security:def:118460	P	Security update for qemu (Important)	2020-10-07
oval:org.opensuse.security:def:102698	P	Security update for qemu (Important)	2020-10-07
oval:org.opensuse.security:def:107794	P	Security update for qemu (Important)	2020-10-07
oval:org.opensuse.security:def:96008	P	Security update for qemu (Important)	2020-10-07
oval:org.opensuse.security:def:108460	P	Security update for qemu (Important)	2020-10-07
oval:org.opensuse.security:def:117309	P	Security update for qemu (Important)	2020-10-07
oval:org.opensuse.security:def:109364	P	Security update for qemu (Important)	2020-10-07

BACK