CVE-2020-24352 - OpenCVE

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:5.0.0:rc0::::::
	cpe:2.3:a:qemu:qemu:5.0.0:rc1::::::

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1847584
https://git.qemu.org/?p=qemu.git
https://nvd.nist.gov/vuln/detail/CVE-2020-24352
https://security.netapp.com/advisory/ntap-20201123-0003/
https://www.cve.org/CVERecord?id=CVE-2020-24352

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-16T05:05:13

Updated: 2024-08-04T15:12:08.689Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-24352

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-16T06:15:12.277

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-24352

Redhat

Severity : Low

Publid Date: 2020-08-14T00:00:00Z

Links: CVE-2020-24352 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-23T11:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://git.qemu.org/?p=qemu.git"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20201123-0003/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24352", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://git.qemu.org/?p=qemu.git", "refsource": "MISC", "url": "https://git.qemu.org/?p=qemu.git"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584"}, {"name": "https://security.netapp.com/advisory/ntap-20201123-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201123-0003/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:08.689Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.qemu.org/?p=qemu.git"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20201123-0003/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24352", "datePublished": "2020-10-16T05:05:13", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T15:12:08.689Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "4203BC24-879F-45F1-B1B5-4C08ADEBB344", "versionEndIncluding": "4.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:5.0.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "2C05DB27-EE8C-417C-90F8-3A8CB3604CED", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:5.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0386A730-F0CD-4E75-93B4-C01B31EDBEAB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."}, {"lang": "es", "value": "Se detect\u00f3 un problema en QEMU versiones hasta 5.1.0. Se encontr\u00f3 un acceso a memoria fuera de l\u00edmites en la implementaci\u00f3n del dispositivo ATI VGA. Este fallo ocurre en la rutina ati_2d_blt() en el archivo hw/display/ati_2d.c mientras se manejan las operaciones de escritura MMIO por medio de la devoluci\u00f3n de llamada de ati_mm_write(). Un invitado malicioso podr\u00eda usar este fallo para bloquear el proceso QEMU en el host, resultando en una denegaci\u00f3n de servicio"}], "id": "CVE-2020-24352", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-16T06:15:12.277", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://git.qemu.org/?p=qemu.git"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201123-0003/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Yi Ren (Alibaba Cloud Intelligence Security Team) for reporting this issue.", "bugzilla": {"description": "QEMU: out-of-bounds read/write in ati-vga device emulation in ati_2d_blt()", "id": "1847584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.", "An out-of-bounds memory access flaw was found in the ATI VGA device implementation of the QEMU emulator. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."], "name": "CVE-2020-24352", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2020-08-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-24352\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24352"], "statement": "This flaw did not affect the following versions of QEMU as they did not include support for ATI VGA emulation:\n* `qemu-kvm-ma` as shipped with Red Hat Enterprise Linux 7.\n* `qemu-kvm-rhev` as shipped with Red Hat Virtualization and Red Hat OpenStack.\n* `qemu-kvm` as shipped with Red Hat Enterprise Linux 6, 7 and 8.\n* `virt:8.2/qemu-kvm` as shipped with RHEL Advanced Virtualization.\nATI VGA emulation feature was introduced in QEMU upstream version 4.0.0.", "threat_severity": "Low"}