Launchpad.net

CVE 2020-27821

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.

Related bugs and status

CVE-2020-27821 (Candidate) is related to these bugs:

Bug #1907656: [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset

		In	Importance	Status
1907656	[UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset	qemu (Ubuntu)	Undecided	Fix Released
1907656	[UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset	Ubuntu on IBM z Systems	High	Fix Released
1907656	[UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset	qemu (Ubuntu Groovy)	Undecided	Fix Released
1907656	[UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset	qemu (Ubuntu Hirsute)	Undecided	Fix Released
1907656	[UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset	qemu (Ubuntu Focal)	Undecided	Fix Released

Bug #1907789: 2.35.50 breaks ld -no-pie

		In	Importance	Status
1907789	2.35.50 breaks ld -no-pie	binutils (Ubuntu)	Undecided	Fix Released
1907789	2.35.50 breaks ld -no-pie	binutils	Medium	Fix Released
1907789	2.35.50 breaks ld -no-pie	qemu (Ubuntu)	High	Fix Released
1907789	2.35.50 breaks ld -no-pie	s390-tools (Ubuntu)	Undecided	Fix Released
1907789	2.35.50 breaks ld -no-pie	Ubuntu on IBM z Systems	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-27821

Related bugs and status

Related bugs

References