
oss-sec mailing list archives
CVE-2020-13765 QEMU: loader: OOB access while loading registered ROM may lead to code execution
From: P J P <ppandit () redhat com>
Date: Thu, 4 Jun 2020 00:51:24 +0530 (IST)
Hello,

An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the rom_copy() routine while loading the contents of a 32-bit -kernel image into memory. Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially leading to code execution with the privileges of the QEMU process.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319

Reference:
----------
  -> https://bugs.launchpad.net/qemu/+bug/1844635

'CVE-2020-13765' requested via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D