CVE-2020-14364 - Vulnerability Details

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.11567.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Opensuse	Leap
Qemu	Qemu
Redhat	Advanced Virtualization Enterprise Linux Openstack Rhel Aus Rhel E4s Rhel Eus Rhel Tus Rhev Hypervisor Rhev Manager

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:openstack:10:::::::*
	cpe:2.3:a:redhat:openstack:13:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0::::-:::
	cpe:2.3:o:redhat:enterprise_linux:8.0::::advanced_virtualization:::

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 5 [-]

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

Package	CPE	Advisory	Released Date
Advanced Virtualization for RHEL 8.1.1
virt:8.1-8010120200911011910.5db1954d	cpe:/a:redhat:advanced_virtualization:8.1::el8	RHSA-2020:4290	2020-10-20T00:00:00Z
virt-devel:8.1-8010120200911011910.5db1954d	cpe:/a:redhat:advanced_virtualization:8.1::el8	RHSA-2020:4290	2020-10-20T00:00:00Z
Advanced Virtualization for RHEL 8.2.1
virt:8.2-8020120200909235106.863bb0db	cpe:/a:redhat:advanced_virtualization:8.2::el8	RHSA-2020:4291	2020-10-20T00:00:00Z
virt-devel:8.2-8020120200909235106.863bb0db	cpe:/a:redhat:advanced_virtualization:8.2::el8	RHSA-2020:4291	2020-10-20T00:00:00Z
Red Hat Enterprise Linux 6
qemu-kvm-2:0.12.1.2-2.506.el6_10.8	cpe:/o:redhat:enterprise_linux:6	RHSA-2020:4056	2020-10-07T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
qemu-kvm-2:0.12.1.2-2.415.el6_5.21	cpe:/o:redhat:rhel_aus:6.5	RHSA-2020:4054	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
qemu-kvm-2:0.12.1.2-2.448.el6_6.9	cpe:/o:redhat:rhel_aus:6.6	RHSA-2020:4055	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7
qemu-kvm-ma-10:2.12.0-48.el7_9.1	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:4078	2020-09-29T00:00:00Z
qemu-kvm-10:1.5.3-175.el7_9.1	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:4079	2020-09-30T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
qemu-kvm-10:1.5.3-105.el7_2.20	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:4048	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
qemu-kvm-10:1.5.3-126.el7_3.18	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:4050	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
qemu-kvm-10:1.5.3-126.el7_3.18	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:4050	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
qemu-kvm-10:1.5.3-126.el7_3.18	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:4050	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
qemu-kvm-10:1.5.3-141.el7_4.11	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:4051	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
qemu-kvm-10:1.5.3-141.el7_4.11	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:4051	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
qemu-kvm-10:1.5.3-141.el7_4.11	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:4051	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
qemu-kvm-10:1.5.3-160.el7_6.8	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:4052	2020-09-29T00:00:00Z
qemu-kvm-ma-10:2.12.0-18.el7_6.7	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:4162	2020-10-01T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
qemu-kvm-ma-10:2.12.0-33.el7_7.4	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:4047	2020-09-29T00:00:00Z
qemu-kvm-10:1.5.3-167.el7_7.7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:4053	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8
virt-devel:rhel-8020020200909224913.4cda2c84	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4059	2020-09-29T00:00:00Z
virt:rhel-8020020200909224913.4cda2c84	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4059	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
virt:rhel-8000020200910175113.f8e95b4e	cpe:/a:redhat:rhel_e4s:8.0	RHSA-2020:4058	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
virt-devel:rhel-8010020200917181121.c27ad7f8	cpe:/a:redhat:rhel_eus:8.1	RHSA-2020:4049	2020-09-29T00:00:00Z
virt:rhel-8010020200917181121.c27ad7f8	cpe:/a:redhat:rhel_eus:8.1	RHSA-2020:4049	2020-09-29T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
qemu-kvm-rhev-10:2.12.0-33.el7_7.12	cpe:/a:redhat:openstack:10::el7	RHSA-2020:4176	2020-10-05T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
qemu-kvm-rhev-10:2.12.0-48.el7_9.1	cpe:/a:redhat:openstack:13::el7	RHSA-2020:4167	2020-10-05T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS
qemu-kvm-rhev-10:2.12.0-18.el7_6.12	cpe:/a:redhat:openstack:13::el7	RHSA-2020:4167	2020-10-05T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
qemu-kvm-rhev-10:2.12.0-48.el7_9.1	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2020:4111	2020-09-30T00:00:00Z
redhat-virtualization-host-0:4.3.11-20200922.0.el7_9	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2020:4115	2020-09-30T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.4.2-20200930.0.el8_2	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2020:4172	2020-10-05T00:00:00Z
Red Hat Virtualization Engine 4.3
qemu-kvm-rhev-10:2.12.0-48.el7_9.1	cpe:/a:redhat:rhev_manager:4.3	RHSA-2020:4111	2020-09-30T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2373-1	qemu security update
Debian DSA	DSA-4760-1	qemu security update
Ubuntu USN	USN-4511-1	QEMU vulnerability
Ubuntu USN	USN-4467-2	QEMU vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html
https://bugzilla.redhat.com/show_bug.cgi?id=1869201
https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/
https://nvd.nist.gov/vuln/detail/CVE-2020-14364
https://security.gentoo.org/glsa/202009-14
https://security.gentoo.org/glsa/202011-09
https://security.netapp.com/advisory/ntap-20200924-0006/
https://usn.ubuntu.com/4511-1/
https://www.cve.org/CVERecord?id=CVE-2020-14364
https://www.debian.org/security/2020/dsa-4760
https://www.openwall.com/lists/oss-security/2020/08/24/2
https://www.openwall.com/lists/oss-security/2020/08/24/3

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-08-31T17:11:52

Updated: 2024-08-04T12:46:34.192Z

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14364

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-31T18:15:12.827

Modified: 2024-11-21T05:03:05.880

Link: CVE-2020-14364

Redhat

Severity : Important

Publid Date: 2020-08-24T12:00:00Z

Links: CVE-2020-14364 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object