CVE 2020-10702
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
Related bugs and status
CVE-2020-10702 (Candidate) is related to these bugs:
Bug #1749393: sbrk() not working under qemu-user with a PIE-compiled binary?
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | QEMU | Undecided | Fix Released | ||
| 1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | qemu (Ubuntu Focal) | Medium | Fix Released | ||
Bug #1859713: ARM v8.3a pauth not working
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1859713 | ARM v8.3a pauth not working | QEMU | Undecided | Fix Released | ||
Bug #1871830: using QEMU_MODULE_DIR and CONFIG_MODULE_UPGRADES at the same time can crash qemu
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1871830 | using QEMU_MODULE_DIR and CONFIG_MODULE_UPGRADES at the same time can crash qemu | qemu (Ubuntu) | Critical | Fix Released | ||
Bug #1872107: QEMU KVM live migration crashes when the VM is in booting state
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1872107 | QEMU KVM live migration crashes when the VM is in booting state | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1872107 | QEMU KVM live migration crashes when the VM is in booting state | qemu-kvm | Unknown | Unknown | ||
Bug #1872937: Fetch recent CVE and packaging fixes
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1872937 | Fetch recent CVE and packaging fixes | qemu (Ubuntu) | Critical | Fix Released | ||
Bug #1878534: iPhone USB passthrough crashes Windows 10 guest
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1878534 | iPhone USB passthrough crashes Windows 10 guest | qemu (Ubuntu) | Undecided | Incomplete | ||
| 1878534 | iPhone USB passthrough crashes Windows 10 guest | qemu (Debian) | Unknown | Fix Released | ||
Bug #1887763: new default qemu TCG sizes exceed common CI setups
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1887763 | new default qemu TCG sizes exceed common CI setups | qemu (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
