Vulnerability Name:

CVE-2020-27821 (CCN-193325)

Assigned:2020-12-03
Published:2020-12-03
Updated:2022-09-30
Summary:A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
CVSS v3 Severity:6.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.7 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
5.0 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-787
CWE-787
CWE-122
CWE-122
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-27821

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20201216 CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1902651

Source: XF
Type: UNKNOWN
qemu-cve202027821-dos(193325)

Source: CCN
Type: QEMU GIT Repository
memory: clamp cached translation in case it points to an MMIO region

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update

Source: CCN
Type: oss-sec Mailing List, Wed, 16 Dec 2020 18:05:58 +0100
CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210115-0006/

Source: CCN
Type: QEMU Web site
Contribute to QEMU! - QEMU

Vulnerable Configuration:Configuration 1:
  • cpe:/a:qemu:qemu:*:*:*:*:*:*:*:* (Version < 5.2.0)

  • Configuration 2:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:qemu:qemu:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8034
    P
    libpcp-devel-5.2.5-150400.5.3.11 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7791
    P
    qemu-tools-7.1.0-150500.47.15 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7948
    P
    libmozjs-78-0-78.15.0-150400.1.10 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:719
    P
    Security update for gstreamer-plugins-good (Important)
    2022-08-31
    oval:org.opensuse.security:def:3620
    P
    Security update for xen (Important)
    2022-07-06
    oval:org.opensuse.security:def:3518
    P
    guile-2.0.9-9.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3385
    P
    tpm2.0-tools-3.1.4-1.12 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3187
    P
    libidn-tools-1.28-5.6.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95201
    P
    libavformat58_76-4.4-150400.1.13 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95148
    P
    qemu-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94497
    P
    aspell-0.60.8-3.3.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94817
    P
    qemu-tools-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:351
    P
    qemu-6.2.0-150400.35.10 on GA media (Moderate)
    2022-06-10
    oval:org.opensuse.security:def:6053
    P
    Security update for postgresql13 (Important)
    2022-05-25
    oval:org.opensuse.security:def:113318
    P
    qemu-6.1.0-32.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:99440
    P
    (Moderate)
    2021-12-06
    oval:org.opensuse.security:def:106728
    P
    qemu-6.1.0-32.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:101914
    P
    Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)
    2021-08-17
    oval:org.opensuse.security:def:101210
    P
    libopenjpeg1-1.5.2-2.28 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:111576
    P
    Security update for qemu (Important)
    2021-07-11
    oval:org.opensuse.security:def:101450
    P
    Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:64709
    P
    Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:69123
    P
    Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:76210
    P
    Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:1611
    P
    Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:67142
    P
    Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:73831
    P
    Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:97059
    P
    Security update for qemu (Important)
    2021-06-10
    oval:org.opensuse.security:def:99639
    P
    (Important)
    2021-06-01
    oval:com.redhat.rhsa:def:20211762
    P
    RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)
    2021-05-18
    oval:org.opensuse.security:def:111339
    P
    Security update for qemu (Important)
    2021-04-23
    oval:org.opensuse.security:def:9690
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:99945
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:5653
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:92291
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:69037
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:75810
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:8740
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:99241
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:34409
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:93041
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:70381
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:10241
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:96029
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:107876
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:92490
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:96856
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:117391
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:8935
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:93194
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:91901
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:66742
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:42061
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:73596
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:98851
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:108580
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:92689
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:96858
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:69631
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:118481
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:60232
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:9491
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:92096
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:102719
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:99046
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:109385
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:92888
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:69830
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:64474
    P
    Security update for qemu (Important)
    2021-04-16
    BACK
    qemu qemu *
    debian debian linux 10.0
    qemu qemu -