Launchpad.net

CVE 2020-13253

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

Related bugs and status

CVE-2020-13253 (Candidate) is related to these bugs:

Bug #1749393: sbrk() not working under qemu-user with a PIE-compiled binary?

		In	Importance	Status
1749393	sbrk() not working under qemu-user with a PIE-compiled binary?	QEMU	Undecided	Fix Released
1749393	sbrk() not working under qemu-user with a PIE-compiled binary?	qemu (Ubuntu)	Undecided	Fix Released
1749393	sbrk() not working under qemu-user with a PIE-compiled binary?	qemu (Ubuntu Focal)	Medium	Fix Released

Bug #1805256: qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images

		In	Importance	Status
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	QEMU	Undecided	Fix Released
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	qemu (Ubuntu)	Medium	Fix Released
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	qemu (Ubuntu Focal)	Medium	Fix Released
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	qemu (Ubuntu Bionic)	Medium	Fix Released
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	qemu (Ubuntu Eoan)	Medium	Fix Released
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	kunpeng920	Undecided	Fix Released
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	kunpeng920 upstream-kernel	Undecided	Invalid
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	kunpeng920 ubuntu-20.04	Undecided	Fix Released
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	kunpeng920 ubuntu-19.10	Undecided	Fix Released
1805256	qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images	kunpeng920 ubuntu-18.04	Undecided	Fix Released

Bug #1880822: CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in DoS

Summary				In	Importance	Status
	1880822	CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in DoS		QEMU	Undecided	Fix Released

Bug #1887763: new default qemu TCG sizes exceed common CI setups

Summary				In	Importance	Status
	1887763	new default qemu TCG sizes exceed common CI setups		qemu (Ubuntu)	Undecided	Fix Released

Bug #1897854: groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.

Summary				In	Importance	Status
	1897854	groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.		qemu (Ubuntu)	Undecided	Fix Released
	1897854	groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.		qemu (Ubuntu Groovy)	Undecided	Fix Released

Bug #1902654: failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04

		In	Importance	Status
1902654	failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04	libvirt (Ubuntu)	Undecided	Invalid
1902654	failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04	qemu (Ubuntu)	Medium	Fix Released
1902654	failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04	qemu (Ubuntu Groovy)	Medium	Fix Released
1902654	failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04	qemu (Ubuntu Focal)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-13253

Related bugs and status

Related bugs

References