{"containers": {"cna": {"affected": [{"product": "QEMU", "vendor": "n/a", "versions": [{"status": "affected", "version": "QEMU versions before 5.2.0"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 leads to CWE-787", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-11T05:06:21", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/08/24/3"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/08/24/2"}, {"name": "DSA-4760", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4760"}, {"name": "FEDORA-2020-3689b67b53", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/"}, {"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"}, {"name": "FEDORA-2020-eeb29955ed", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/"}, {"name": "USN-4511-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4511-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200924-0006/"}, {"name": "GLSA-202009-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202009-14"}, {"name": "openSUSE-SU-2020:1664", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"}, {"name": "GLSA-202011-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202011-09"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14364", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "QEMU", "version": {"version_data": [{"version_value": "QEMU versions before 5.2.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125 leads to CWE-787"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201"}, {"name": "https://www.openwall.com/lists/oss-security/2020/08/24/3", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/08/24/3"}, {"name": "https://www.openwall.com/lists/oss-security/2020/08/24/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/08/24/2"}, {"name": "DSA-4760", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4760"}, {"name": "FEDORA-2020-3689b67b53", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/"}, {"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"}, {"name": "FEDORA-2020-eeb29955ed", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/"}, {"name": "USN-4511-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4511-1/"}, {"name": "https://security.netapp.com/advisory/ntap-20200924-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200924-0006/"}, {"name": "GLSA-202009-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202009-14"}, {"name": "openSUSE-SU-2020:1664", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"}, {"name": "GLSA-202011-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202011-09"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.192Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2020/08/24/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2020/08/24/2"}, {"name": "DSA-4760", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4760"}, {"name": "FEDORA-2020-3689b67b53", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/"}, {"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"}, {"name": "FEDORA-2020-eeb29955ed", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/"}, {"name": "USN-4511-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4511-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200924-0006/"}, {"name": "GLSA-202009-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202009-14"}, {"name": "openSUSE-SU-2020:1664", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"}, {"name": "GLSA-202011-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202011-09"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14364", "datePublished": "2020-08-31T17:11:52", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:46:34.192Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BB4748D-7B13-45A4-92E3-8AB072BB0FE6", "versionEndExcluding": "5.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*", "matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de acceso de lectura/escritura fuera de l\u00edmites en el emulador USB de QEMU en versiones anteriores a la 5.2.0. Este problema ocurre mientras se procesan paquetes USB de un invitado cuando USBDevice \"setup_len\" excede su \"data_buf [4096]\" en las rutinas do_token_in, do_token_out. Este fallo permite a un usuario invitado bloquear el proceso de QEMU, lo que resulta en una denegaci\u00f3n de servicio o la posible ejecuci\u00f3n de c\u00f3digo arbitraria con los privilegios del proceso de QEMU en el host"}], "id": "CVE-2020-14364", "lastModified": "2023-11-07T03:17:11.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-31T18:15:12.827", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202009-14"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202011-09"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200924-0006/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4511-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4760"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/08/24/2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/08/24/3"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Xiao Wei (360.com) and Ziming Zhang for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:4290", "cpe": "cpe:/a:redhat:advanced_virtualization:8.1::el8", "package": "virt:8.1-8010120200911011910.5db1954d", "product_name": "Advanced Virtualization for RHEL 8.1.1", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4290", "cpe": "cpe:/a:redhat:advanced_virtualization:8.1::el8", "package": "virt-devel:8.1-8010120200911011910.5db1954d", "product_name": "Advanced Virtualization for RHEL 8.1.1", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4291", "cpe": "cpe:/a:redhat:advanced_virtualization:8.2::el8", "package": "virt:8.2-8020120200909235106.863bb0db", "product_name": "Advanced Virtualization for RHEL 8.2.1", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4291", "cpe": "cpe:/a:redhat:advanced_virtualization:8.2::el8", "package": "virt-devel:8.2-8020120200909235106.863bb0db", "product_name": "Advanced Virtualization for RHEL 8.2.1", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4056", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "qemu-kvm-2:0.12.1.2-2.506.el6_10.8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-10-07T00:00:00Z"}, {"advisory": "RHSA-2020:4054", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "qemu-kvm-2:0.12.1.2-2.415.el6_5.21", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4055", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "qemu-kvm-2:0.12.1.2-2.448.el6_6.9", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4078", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-ma-10:2.12.0-48.el7_9.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-10:1.5.3-175.el7_9.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-30T00:00:00Z"}, {"advisory": "RHSA-2020:4048", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "qemu-kvm-10:1.5.3-105.el7_2.20", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4050", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.18", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4050", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.18", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4050", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "qemu-kvm-10:1.5.3-126.el7_3.18", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4051", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "qemu-kvm-10:1.5.3-141.el7_4.11", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4051", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "qemu-kvm-10:1.5.3-141.el7_4.11", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4051", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "qemu-kvm-10:1.5.3-141.el7_4.11", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4052", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "qemu-kvm-10:1.5.3-160.el7_6.8", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4162", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "qemu-kvm-ma-10:2.12.0-18.el7_6.7", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-10-01T00:00:00Z"}, {"advisory": "RHSA-2020:4047", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "qemu-kvm-ma-10:2.12.0-33.el7_7.4", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4053", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "qemu-kvm-10:1.5.3-167.el7_7.7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4059", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt-devel:rhel-8020020200909224913.4cda2c84", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4059", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8020020200909224913.4cda2c84", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4058", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "virt:rhel-8000020200910175113.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4049", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "virt-devel:rhel-8010020200917181121.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4049", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "virt:rhel-8010020200917181121.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4176", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "qemu-kvm-rhev-10:2.12.0-33.el7_7.12", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2020-10-05T00:00:00Z"}, {"advisory": "RHSA-2020:4167", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "qemu-kvm-rhev-10:2.12.0-48.el7_9.1", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2020-10-05T00:00:00Z"}, {"advisory": "RHSA-2020:4167", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.12", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2020-10-05T00:00:00Z"}, {"advisory": "RHSA-2020:4111", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.12.0-48.el7_9.1", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2020-09-30T00:00:00Z"}, {"advisory": "RHSA-2020:4115", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.11-20200922.0.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2020-09-30T00:00:00Z"}, {"advisory": "RHSA-2020:4172", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.4.2-20200930.0.el8_2", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2020-10-05T00:00:00Z"}, {"advisory": "RHSA-2020:4111", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "qemu-kvm-rhev-10:2.12.0-48.el7_9.1", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2020-09-30T00:00:00Z"}], "bugzilla": {"description": "QEMU: usb: out-of-bounds r/w access issue while processing usb packets", "id": "1869201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-125->CWE-787", "details": ["An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.", "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host."], "mitigation": {"lang": "en:us", "value": "Using Libvirt management interface to manage guest VMs significantly reduces impact of this issue. Libvirt starts each guest process with an unprivileged system user(ex. qemu) privileges and further confines the process with strict sVirt and SELinux policies.\n* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_security_guide/"}, "name": "CVE-2020-14364", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-08-24T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14364\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14364\nhttps://www.openwall.com/lists/oss-security/2020/08/24/2\nhttps://www.openwall.com/lists/oss-security/2020/08/24/3"], "statement": "This issue affects the version of the qemu-kvm package as shipped with the Red Hat Enterprise Linux 6, 7 and 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 6, 7 and 8 may\naddress this issue.\nRed Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in its future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat OpenStack Platform 15 and newer consume fixes directly from the Red Hat Enterprise Linux 8 Advanced Virtualization repository.", "threat_severity": "Important", "upstream_fix": "QEMU 5.2.0"}