CVE 2020-13754
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
Related bugs and status
CVE-2020-13754 (Candidate) is related to these bugs:
Bug #1749393: sbrk() not working under qemu-user with a PIE-compiled binary?
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | QEMU | Undecided | Fix Released | ||
| 1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | qemu (Ubuntu Focal) | Medium | Fix Released | ||
Bug #1805256: qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images
Bug #1883984: QEMU S/390x sqxbr (128-bit IEEE 754 square root) crashes qemu-system-s390x
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1883984 | QEMU S/390x sqxbr (128-bit IEEE 754 square root) crashes qemu-system-s390x | QEMU | Undecided | Fix Released | ||
| 1883984 | QEMU S/390x sqxbr (128-bit IEEE 754 square root) crashes qemu-system-s390x | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1883984 | QEMU S/390x sqxbr (128-bit IEEE 754 square root) crashes qemu-system-s390x | qemu (Ubuntu Focal) | Medium | Fix Released | ||
Bug #1886318: Qemu after v5.0.0 breaks macos guests
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1886318 | Qemu after v5.0.0 breaks macos guests | QEMU | Undecided | Fix Released | ||
Bug #1887763: new default qemu TCG sizes exceed common CI setups
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1887763 | new default qemu TCG sizes exceed common CI setups | qemu (Ubuntu) | Undecided | Fix Released | ||
Bug #1890154: [UBUNTU 20.04] Secure Execution: Unable to start Qemu with "-no-reboot" option
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1890154 | [UBUNTU 20.04] Secure Execution: Unable to start Qemu with "-no-reboot" option | qemu (Ubuntu) | Medium | Fix Released | ||
| 1890154 | [UBUNTU 20.04] Secure Execution: Unable to start Qemu with "-no-reboot" option | Ubuntu on IBM z Systems | Medium | Fix Released | ||
| 1890154 | [UBUNTU 20.04] Secure Execution: Unable to start Qemu with "-no-reboot" option | qemu (Ubuntu Focal) | Medium | Fix Released | ||
Bug #1891203: arm64 - services not running that should be - missing capabilities
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1891203 | arm64 - services not running that should be - missing capabilities | OpenStack Nova Compute Charm | Undecided | New | ||
| 1891203 | arm64 - services not running that should be - missing capabilities | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1891203 | arm64 - services not running that should be - missing capabilities | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
Bug #1891877: Further stabilize qemu in Focal by updating to 4.2.1 stable release
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1891877 | Further stabilize qemu in Focal by updating to 4.2.1 stable release | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1891877 | Further stabilize qemu in Focal by updating to 4.2.1 stable release | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
Bug #1897854: groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1897854 | groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed. | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1897854 | groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed. | qemu (Ubuntu Groovy) | Undecided | Fix Released | ||
Bug #1902654: failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1902654 | failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04 | libvirt (Ubuntu) | Undecided | Invalid | ||
| 1902654 | failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04 | qemu (Ubuntu) | Medium | Fix Released | ||
| 1902654 | failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04 | qemu (Ubuntu Groovy) | Medium | Fix Released | ||
| 1902654 | failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04 | qemu (Ubuntu Focal) | Medium | Fix Released | ||
Bug #1903864: qemu-system-x86_64: -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0: Property 'tpm-tis.tpmdev' can't find value 'tpm-tpm0'
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1903864 | qemu-system-x86_64: -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0: Property 'tpm-tis.tpmdev' can't find value 'tpm-tpm0' | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1903864 | qemu-system-x86_64: -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0: Property 'tpm-tis.tpmdev' can't find value 'tpm-tpm0' | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
| 1903864 | qemu-system-x86_64: -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0: Property 'tpm-tis.tpmdev' can't find value 'tpm-tpm0' | qemu (Ubuntu Groovy) | Undecided | Fix Released | ||
Bug #1905067: qemu-system-riscv64 sbi_trap_error powering down VM riscv64
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1905067 | qemu-system-riscv64 sbi_trap_error powering down VM riscv64 | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1905067 | qemu-system-riscv64 sbi_trap_error powering down VM riscv64 | qemu (Ubuntu Hirsute) | Undecided | Fix Released | ||
| 1905067 | qemu-system-riscv64 sbi_trap_error powering down VM riscv64 | qemu (Ubuntu Focal) | Undecided | Incomplete | ||
| 1905067 | qemu-system-riscv64 sbi_trap_error powering down VM riscv64 | qemu (Ubuntu Groovy) | Undecided | Won't Fix | ||
Bug #1913395: [UBUNTU 21.04] qemu s390x/pci: Honor vfio DMA limiting
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1913395 | [UBUNTU 21.04] qemu s390x/pci: Honor vfio DMA limiting | qemu (Ubuntu) | High | Fix Released | ||
| 1913395 | [UBUNTU 21.04] qemu s390x/pci: Honor vfio DMA limiting | Ubuntu on IBM z Systems | High | Fix Released | ||
| 1913395 | [UBUNTU 21.04] qemu s390x/pci: Honor vfio DMA limiting | qemu (Ubuntu Groovy) | High | Fix Released | ||
| 1913395 | [UBUNTU 21.04] qemu s390x/pci: Honor vfio DMA limiting | qemu (Ubuntu Focal) | High | Fix Released | ||
Bug #1914883: hart0: trap handler failed (error -2) (Needs cherry-pick ab3d207f)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1914883 | hart0: trap handler failed (error -2) (Needs cherry-pick ab3d207f) | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1914883 | hart0: trap handler failed (error -2) (Needs cherry-pick ab3d207f) | qemu (Ubuntu Focal) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
