Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-4467-2
Vulnerability from osv_ubuntu
USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13253)
Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver incorrectly handled certain invalid frame counts. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13361)
Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13362)
Alexander Bulekov discovered that QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory space operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13659)
Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13754)
Ziming Zhang, Xiao Wei, Gonglei Arei and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2020-14364)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-13253",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13361",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13362",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13659",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13754",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-14364",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.47+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32",
"2.0.0+dfsg-2ubuntu1.33",
"2.0.0+dfsg-2ubuntu1.34",
"2.0.0+dfsg-2ubuntu1.35",
"2.0.0+dfsg-2ubuntu1.36",
"2.0.0+dfsg-2ubuntu1.38",
"2.0.0+dfsg-2ubuntu1.39",
"2.0.0+dfsg-2ubuntu1.40",
"2.0.0+dfsg-2ubuntu1.41",
"2.0.0+dfsg-2ubuntu1.42",
"2.0.0+dfsg-2ubuntu1.43",
"2.0.0+dfsg-2ubuntu1.44",
"2.0.0+dfsg-2ubuntu1.45",
"2.0.0+dfsg-2ubuntu1.46",
"2.0.0+dfsg-2ubuntu1.47"
]
}
],
"aliases": [],
"details": "USN-4467-1 fixed several vulnerabilities in QEMU. This update provides\nthe corresponding update for Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\n It was discovered that the QEMU SD memory card implementation incorrectly\n handled certain memory operations. An attacker inside a guest could\n possibly use this issue to cause QEMU to crash, resulting in a denial of\n service. (CVE-2020-13253)\n\n Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver\n incorrectly handled certain invalid frame counts. An attacker inside a\n guest could possibly use this issue to cause QEMU to crash, resulting in a\n denial of service. (CVE-2020-13361)\n\n Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver\n incorrectly handled certain memory operations. An attacker inside a guest\n could possibly use this issue to cause QEMU to crash, resulting in a denial\n of service. (CVE-2020-13362)\n\n Alexander Bulekov discovered that QEMU MegaRAID SAS SCSI driver incorrectly\n handled certain memory space operations. An attacker inside a guest could\n possibly use this issue to cause QEMU to crash, resulting in a denial of\n service. (CVE-2020-13659)\n\n Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko\n discovered that the QEMU incorrectly handled certain msi-x mmio operations.\n An attacker inside a guest could possibly use this issue to cause QEMU to\n crash, resulting in a denial of service. (CVE-2020-13754)\n\n Ziming Zhang, Xiao Wei, Gonglei Arei and Yanyu Zhang discovered that\n QEMU incorrectly handled certain USB packets. An attacker could possibly\n use this to expose sensitive information or execute arbitrary code.\n (CVE-2020-14364)\n",
"id": "USN-4467-2",
"modified": "2026-02-10T04:41:54Z",
"published": "2021-02-02T13:27:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-2"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13253"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13361"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13362"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13659"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13754"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-14364"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "qemu vulnerabilities",
"upstream": [
"UBUNTU-CVE-2020-13253",
"UBUNTU-CVE-2020-13361",
"UBUNTU-CVE-2020-13362",
"UBUNTU-CVE-2020-13659",
"UBUNTU-CVE-2020-13754",
"UBUNTU-CVE-2020-14364"
]
}
ubuntu-cve-2020-13253
Vulnerability from osv_ubuntu
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.47+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32",
"2.0.0+dfsg-2ubuntu1.33",
"2.0.0+dfsg-2ubuntu1.34",
"2.0.0+dfsg-2ubuntu1.35",
"2.0.0+dfsg-2ubuntu1.36",
"2.0.0+dfsg-2ubuntu1.38",
"2.0.0+dfsg-2ubuntu1.39",
"2.0.0+dfsg-2ubuntu1.40",
"2.0.0+dfsg-2ubuntu1.41",
"2.0.0+dfsg-2ubuntu1.42",
"2.0.0+dfsg-2ubuntu1.43",
"2.0.0+dfsg-2ubuntu1.44",
"2.0.0+dfsg-2ubuntu1.45",
"2.0.0+dfsg-2ubuntu1.46",
"2.0.0+dfsg-2ubuntu1.47"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.45?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.45"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10",
"1:2.5+dfsg-5ubuntu10.11",
"1:2.5+dfsg-5ubuntu10.13",
"1:2.5+dfsg-5ubuntu10.14",
"1:2.5+dfsg-5ubuntu10.15",
"1:2.5+dfsg-5ubuntu10.16",
"1:2.5+dfsg-5ubuntu10.20",
"1:2.5+dfsg-5ubuntu10.21",
"1:2.5+dfsg-5ubuntu10.22",
"1:2.5+dfsg-5ubuntu10.24",
"1:2.5+dfsg-5ubuntu10.25",
"1:2.5+dfsg-5ubuntu10.26",
"1:2.5+dfsg-5ubuntu10.28",
"1:2.5+dfsg-5ubuntu10.29",
"1:2.5+dfsg-5ubuntu10.30",
"1:2.5+dfsg-5ubuntu10.31",
"1:2.5+dfsg-5ubuntu10.32",
"1:2.5+dfsg-5ubuntu10.33",
"1:2.5+dfsg-5ubuntu10.34",
"1:2.5+dfsg-5ubuntu10.35",
"1:2.5+dfsg-5ubuntu10.36",
"1:2.5+dfsg-5ubuntu10.37",
"1:2.5+dfsg-5ubuntu10.38",
"1:2.5+dfsg-5ubuntu10.39",
"1:2.5+dfsg-5ubuntu10.40",
"1:2.5+dfsg-5ubuntu10.41",
"1:2.5+dfsg-5ubuntu10.42",
"1:2.5+dfsg-5ubuntu10.43",
"1:2.5+dfsg-5ubuntu10.44"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.31?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.11+dfsg-1ubuntu7.31"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.10+dfsg-0ubuntu3",
"1:2.10+dfsg-0ubuntu4",
"1:2.10+dfsg-0ubuntu5",
"1:2.11+dfsg-1ubuntu1",
"1:2.11+dfsg-1ubuntu2",
"1:2.11+dfsg-1ubuntu4",
"1:2.11+dfsg-1ubuntu5",
"1:2.11+dfsg-1ubuntu6",
"1:2.11+dfsg-1ubuntu7",
"1:2.11+dfsg-1ubuntu7.1",
"1:2.11+dfsg-1ubuntu7.2",
"1:2.11+dfsg-1ubuntu7.3",
"1:2.11+dfsg-1ubuntu7.4",
"1:2.11+dfsg-1ubuntu7.5",
"1:2.11+dfsg-1ubuntu7.6",
"1:2.11+dfsg-1ubuntu7.7",
"1:2.11+dfsg-1ubuntu7.8",
"1:2.11+dfsg-1ubuntu7.9",
"1:2.11+dfsg-1ubuntu7.10",
"1:2.11+dfsg-1ubuntu7.12",
"1:2.11+dfsg-1ubuntu7.13",
"1:2.11+dfsg-1ubuntu7.14",
"1:2.11+dfsg-1ubuntu7.15",
"1:2.11+dfsg-1ubuntu7.17",
"1:2.11+dfsg-1ubuntu7.18",
"1:2.11+dfsg-1ubuntu7.19",
"1:2.11+dfsg-1ubuntu7.20",
"1:2.11+dfsg-1ubuntu7.21",
"1:2.11+dfsg-1ubuntu7.22",
"1:2.11+dfsg-1ubuntu7.23",
"1:2.11+dfsg-1ubuntu7.25",
"1:2.11+dfsg-1ubuntu7.26",
"1:2.11+dfsg-1ubuntu7.27",
"1:2.11+dfsg-1ubuntu7.28",
"1:2.11+dfsg-1ubuntu7.29"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:4.2-3ubuntu6.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.2-3ubuntu6.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.0+dfsg-0ubuntu9",
"1:4.0+dfsg-0ubuntu10",
"1:4.2-1ubuntu1",
"1:4.2-1ubuntu2",
"1:4.2-3ubuntu1",
"1:4.2-3ubuntu2",
"1:4.2-3ubuntu3",
"1:4.2-3ubuntu4",
"1:4.2-3ubuntu5",
"1:4.2-3ubuntu6",
"1:4.2-3ubuntu6.1",
"1:4.2-3ubuntu6.2",
"1:4.2-3ubuntu6.3"
]
}
],
"aliases": [],
"details": "sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.",
"id": "UBUNTU-CVE-2020-13253",
"modified": "2025-09-08T16:46:08Z",
"published": "2020-05-27T15:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13253"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13253"
}
],
"related": [
"USN-4467-1",
"USN-4467-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-13253"
]
}
ubuntu-cve-2020-13361
Vulnerability from osv_ubuntu
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.47+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32",
"2.0.0+dfsg-2ubuntu1.33",
"2.0.0+dfsg-2ubuntu1.34",
"2.0.0+dfsg-2ubuntu1.35",
"2.0.0+dfsg-2ubuntu1.36",
"2.0.0+dfsg-2ubuntu1.38",
"2.0.0+dfsg-2ubuntu1.39",
"2.0.0+dfsg-2ubuntu1.40",
"2.0.0+dfsg-2ubuntu1.41",
"2.0.0+dfsg-2ubuntu1.42",
"2.0.0+dfsg-2ubuntu1.43",
"2.0.0+dfsg-2ubuntu1.44",
"2.0.0+dfsg-2ubuntu1.45",
"2.0.0+dfsg-2ubuntu1.46",
"2.0.0+dfsg-2ubuntu1.47"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.45?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.45"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10",
"1:2.5+dfsg-5ubuntu10.11",
"1:2.5+dfsg-5ubuntu10.13",
"1:2.5+dfsg-5ubuntu10.14",
"1:2.5+dfsg-5ubuntu10.15",
"1:2.5+dfsg-5ubuntu10.16",
"1:2.5+dfsg-5ubuntu10.20",
"1:2.5+dfsg-5ubuntu10.21",
"1:2.5+dfsg-5ubuntu10.22",
"1:2.5+dfsg-5ubuntu10.24",
"1:2.5+dfsg-5ubuntu10.25",
"1:2.5+dfsg-5ubuntu10.26",
"1:2.5+dfsg-5ubuntu10.28",
"1:2.5+dfsg-5ubuntu10.29",
"1:2.5+dfsg-5ubuntu10.30",
"1:2.5+dfsg-5ubuntu10.31",
"1:2.5+dfsg-5ubuntu10.32",
"1:2.5+dfsg-5ubuntu10.33",
"1:2.5+dfsg-5ubuntu10.34",
"1:2.5+dfsg-5ubuntu10.35",
"1:2.5+dfsg-5ubuntu10.36",
"1:2.5+dfsg-5ubuntu10.37",
"1:2.5+dfsg-5ubuntu10.38",
"1:2.5+dfsg-5ubuntu10.39",
"1:2.5+dfsg-5ubuntu10.40",
"1:2.5+dfsg-5ubuntu10.41",
"1:2.5+dfsg-5ubuntu10.42",
"1:2.5+dfsg-5ubuntu10.43",
"1:2.5+dfsg-5ubuntu10.44"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.31?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.11+dfsg-1ubuntu7.31"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.10+dfsg-0ubuntu3",
"1:2.10+dfsg-0ubuntu4",
"1:2.10+dfsg-0ubuntu5",
"1:2.11+dfsg-1ubuntu1",
"1:2.11+dfsg-1ubuntu2",
"1:2.11+dfsg-1ubuntu4",
"1:2.11+dfsg-1ubuntu5",
"1:2.11+dfsg-1ubuntu6",
"1:2.11+dfsg-1ubuntu7",
"1:2.11+dfsg-1ubuntu7.1",
"1:2.11+dfsg-1ubuntu7.2",
"1:2.11+dfsg-1ubuntu7.3",
"1:2.11+dfsg-1ubuntu7.4",
"1:2.11+dfsg-1ubuntu7.5",
"1:2.11+dfsg-1ubuntu7.6",
"1:2.11+dfsg-1ubuntu7.7",
"1:2.11+dfsg-1ubuntu7.8",
"1:2.11+dfsg-1ubuntu7.9",
"1:2.11+dfsg-1ubuntu7.10",
"1:2.11+dfsg-1ubuntu7.12",
"1:2.11+dfsg-1ubuntu7.13",
"1:2.11+dfsg-1ubuntu7.14",
"1:2.11+dfsg-1ubuntu7.15",
"1:2.11+dfsg-1ubuntu7.17",
"1:2.11+dfsg-1ubuntu7.18",
"1:2.11+dfsg-1ubuntu7.19",
"1:2.11+dfsg-1ubuntu7.20",
"1:2.11+dfsg-1ubuntu7.21",
"1:2.11+dfsg-1ubuntu7.22",
"1:2.11+dfsg-1ubuntu7.23",
"1:2.11+dfsg-1ubuntu7.25",
"1:2.11+dfsg-1ubuntu7.26",
"1:2.11+dfsg-1ubuntu7.27",
"1:2.11+dfsg-1ubuntu7.28",
"1:2.11+dfsg-1ubuntu7.29"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:4.2-3ubuntu6.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.2-3ubuntu6.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.0+dfsg-0ubuntu9",
"1:4.0+dfsg-0ubuntu10",
"1:4.2-1ubuntu1",
"1:4.2-1ubuntu2",
"1:4.2-3ubuntu1",
"1:4.2-3ubuntu2",
"1:4.2-3ubuntu3",
"1:4.2-3ubuntu4",
"1:4.2-3ubuntu5",
"1:4.2-3ubuntu6",
"1:4.2-3ubuntu6.1",
"1:4.2-3ubuntu6.2",
"1:4.2-3ubuntu6.3"
]
}
],
"aliases": [],
"details": "In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.",
"id": "UBUNTU-CVE-2020-13361",
"modified": "2025-09-08T16:46:09Z",
"published": "2020-05-28T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13361"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html"
},
{
"type": "REPORT",
"url": "http://www.openwall.com/lists/oss-security/2020/05/28/1"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13361"
}
],
"related": [
"USN-4467-1",
"USN-4467-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-13361"
]
}
ubuntu-cve-2020-13362
Vulnerability from osv_ubuntu
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.47+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32",
"2.0.0+dfsg-2ubuntu1.33",
"2.0.0+dfsg-2ubuntu1.34",
"2.0.0+dfsg-2ubuntu1.35",
"2.0.0+dfsg-2ubuntu1.36",
"2.0.0+dfsg-2ubuntu1.38",
"2.0.0+dfsg-2ubuntu1.39",
"2.0.0+dfsg-2ubuntu1.40",
"2.0.0+dfsg-2ubuntu1.41",
"2.0.0+dfsg-2ubuntu1.42",
"2.0.0+dfsg-2ubuntu1.43",
"2.0.0+dfsg-2ubuntu1.44",
"2.0.0+dfsg-2ubuntu1.45",
"2.0.0+dfsg-2ubuntu1.46",
"2.0.0+dfsg-2ubuntu1.47"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.45?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.45"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10",
"1:2.5+dfsg-5ubuntu10.11",
"1:2.5+dfsg-5ubuntu10.13",
"1:2.5+dfsg-5ubuntu10.14",
"1:2.5+dfsg-5ubuntu10.15",
"1:2.5+dfsg-5ubuntu10.16",
"1:2.5+dfsg-5ubuntu10.20",
"1:2.5+dfsg-5ubuntu10.21",
"1:2.5+dfsg-5ubuntu10.22",
"1:2.5+dfsg-5ubuntu10.24",
"1:2.5+dfsg-5ubuntu10.25",
"1:2.5+dfsg-5ubuntu10.26",
"1:2.5+dfsg-5ubuntu10.28",
"1:2.5+dfsg-5ubuntu10.29",
"1:2.5+dfsg-5ubuntu10.30",
"1:2.5+dfsg-5ubuntu10.31",
"1:2.5+dfsg-5ubuntu10.32",
"1:2.5+dfsg-5ubuntu10.33",
"1:2.5+dfsg-5ubuntu10.34",
"1:2.5+dfsg-5ubuntu10.35",
"1:2.5+dfsg-5ubuntu10.36",
"1:2.5+dfsg-5ubuntu10.37",
"1:2.5+dfsg-5ubuntu10.38",
"1:2.5+dfsg-5ubuntu10.39",
"1:2.5+dfsg-5ubuntu10.40",
"1:2.5+dfsg-5ubuntu10.41",
"1:2.5+dfsg-5ubuntu10.42",
"1:2.5+dfsg-5ubuntu10.43",
"1:2.5+dfsg-5ubuntu10.44"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.31?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.11+dfsg-1ubuntu7.31"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.10+dfsg-0ubuntu3",
"1:2.10+dfsg-0ubuntu4",
"1:2.10+dfsg-0ubuntu5",
"1:2.11+dfsg-1ubuntu1",
"1:2.11+dfsg-1ubuntu2",
"1:2.11+dfsg-1ubuntu4",
"1:2.11+dfsg-1ubuntu5",
"1:2.11+dfsg-1ubuntu6",
"1:2.11+dfsg-1ubuntu7",
"1:2.11+dfsg-1ubuntu7.1",
"1:2.11+dfsg-1ubuntu7.2",
"1:2.11+dfsg-1ubuntu7.3",
"1:2.11+dfsg-1ubuntu7.4",
"1:2.11+dfsg-1ubuntu7.5",
"1:2.11+dfsg-1ubuntu7.6",
"1:2.11+dfsg-1ubuntu7.7",
"1:2.11+dfsg-1ubuntu7.8",
"1:2.11+dfsg-1ubuntu7.9",
"1:2.11+dfsg-1ubuntu7.10",
"1:2.11+dfsg-1ubuntu7.12",
"1:2.11+dfsg-1ubuntu7.13",
"1:2.11+dfsg-1ubuntu7.14",
"1:2.11+dfsg-1ubuntu7.15",
"1:2.11+dfsg-1ubuntu7.17",
"1:2.11+dfsg-1ubuntu7.18",
"1:2.11+dfsg-1ubuntu7.19",
"1:2.11+dfsg-1ubuntu7.20",
"1:2.11+dfsg-1ubuntu7.21",
"1:2.11+dfsg-1ubuntu7.22",
"1:2.11+dfsg-1ubuntu7.23",
"1:2.11+dfsg-1ubuntu7.25",
"1:2.11+dfsg-1ubuntu7.26",
"1:2.11+dfsg-1ubuntu7.27",
"1:2.11+dfsg-1ubuntu7.28",
"1:2.11+dfsg-1ubuntu7.29"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:4.2-3ubuntu6.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.2-3ubuntu6.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.0+dfsg-0ubuntu9",
"1:4.0+dfsg-0ubuntu10",
"1:4.2-1ubuntu1",
"1:4.2-1ubuntu2",
"1:4.2-3ubuntu1",
"1:4.2-3ubuntu2",
"1:4.2-3ubuntu3",
"1:4.2-3ubuntu4",
"1:4.2-3ubuntu5",
"1:4.2-3ubuntu6",
"1:4.2-3ubuntu6.1",
"1:4.2-3ubuntu6.2",
"1:4.2-3ubuntu6.3"
]
}
],
"aliases": [],
"details": "In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.",
"id": "UBUNTU-CVE-2020-13362",
"modified": "2025-09-08T16:46:09Z",
"published": "2020-05-28T15:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13362"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html"
},
{
"type": "REPORT",
"url": "http://www.openwall.com/lists/oss-security/2020/05/28/2"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13362"
}
],
"related": [
"USN-4467-1",
"USN-4467-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-13362"
]
}
ubuntu-cve-2020-13659
Vulnerability from osv_ubuntu
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.47+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32",
"2.0.0+dfsg-2ubuntu1.33",
"2.0.0+dfsg-2ubuntu1.34",
"2.0.0+dfsg-2ubuntu1.35",
"2.0.0+dfsg-2ubuntu1.36",
"2.0.0+dfsg-2ubuntu1.38",
"2.0.0+dfsg-2ubuntu1.39",
"2.0.0+dfsg-2ubuntu1.40",
"2.0.0+dfsg-2ubuntu1.41",
"2.0.0+dfsg-2ubuntu1.42",
"2.0.0+dfsg-2ubuntu1.43",
"2.0.0+dfsg-2ubuntu1.44",
"2.0.0+dfsg-2ubuntu1.45",
"2.0.0+dfsg-2ubuntu1.46",
"2.0.0+dfsg-2ubuntu1.47"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.45?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.45"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10",
"1:2.5+dfsg-5ubuntu10.11",
"1:2.5+dfsg-5ubuntu10.13",
"1:2.5+dfsg-5ubuntu10.14",
"1:2.5+dfsg-5ubuntu10.15",
"1:2.5+dfsg-5ubuntu10.16",
"1:2.5+dfsg-5ubuntu10.20",
"1:2.5+dfsg-5ubuntu10.21",
"1:2.5+dfsg-5ubuntu10.22",
"1:2.5+dfsg-5ubuntu10.24",
"1:2.5+dfsg-5ubuntu10.25",
"1:2.5+dfsg-5ubuntu10.26",
"1:2.5+dfsg-5ubuntu10.28",
"1:2.5+dfsg-5ubuntu10.29",
"1:2.5+dfsg-5ubuntu10.30",
"1:2.5+dfsg-5ubuntu10.31",
"1:2.5+dfsg-5ubuntu10.32",
"1:2.5+dfsg-5ubuntu10.33",
"1:2.5+dfsg-5ubuntu10.34",
"1:2.5+dfsg-5ubuntu10.35",
"1:2.5+dfsg-5ubuntu10.36",
"1:2.5+dfsg-5ubuntu10.37",
"1:2.5+dfsg-5ubuntu10.38",
"1:2.5+dfsg-5ubuntu10.39",
"1:2.5+dfsg-5ubuntu10.40",
"1:2.5+dfsg-5ubuntu10.41",
"1:2.5+dfsg-5ubuntu10.42",
"1:2.5+dfsg-5ubuntu10.43",
"1:2.5+dfsg-5ubuntu10.44"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.31?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.11+dfsg-1ubuntu7.31"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.10+dfsg-0ubuntu3",
"1:2.10+dfsg-0ubuntu4",
"1:2.10+dfsg-0ubuntu5",
"1:2.11+dfsg-1ubuntu1",
"1:2.11+dfsg-1ubuntu2",
"1:2.11+dfsg-1ubuntu4",
"1:2.11+dfsg-1ubuntu5",
"1:2.11+dfsg-1ubuntu6",
"1:2.11+dfsg-1ubuntu7",
"1:2.11+dfsg-1ubuntu7.1",
"1:2.11+dfsg-1ubuntu7.2",
"1:2.11+dfsg-1ubuntu7.3",
"1:2.11+dfsg-1ubuntu7.4",
"1:2.11+dfsg-1ubuntu7.5",
"1:2.11+dfsg-1ubuntu7.6",
"1:2.11+dfsg-1ubuntu7.7",
"1:2.11+dfsg-1ubuntu7.8",
"1:2.11+dfsg-1ubuntu7.9",
"1:2.11+dfsg-1ubuntu7.10",
"1:2.11+dfsg-1ubuntu7.12",
"1:2.11+dfsg-1ubuntu7.13",
"1:2.11+dfsg-1ubuntu7.14",
"1:2.11+dfsg-1ubuntu7.15",
"1:2.11+dfsg-1ubuntu7.17",
"1:2.11+dfsg-1ubuntu7.18",
"1:2.11+dfsg-1ubuntu7.19",
"1:2.11+dfsg-1ubuntu7.20",
"1:2.11+dfsg-1ubuntu7.21",
"1:2.11+dfsg-1ubuntu7.22",
"1:2.11+dfsg-1ubuntu7.23",
"1:2.11+dfsg-1ubuntu7.25",
"1:2.11+dfsg-1ubuntu7.26",
"1:2.11+dfsg-1ubuntu7.27",
"1:2.11+dfsg-1ubuntu7.28",
"1:2.11+dfsg-1ubuntu7.29"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:4.2-3ubuntu6.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.2-3ubuntu6.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.0+dfsg-0ubuntu9",
"1:4.0+dfsg-0ubuntu10",
"1:4.2-1ubuntu1",
"1:4.2-1ubuntu2",
"1:4.2-3ubuntu1",
"1:4.2-3ubuntu2",
"1:4.2-3ubuntu3",
"1:4.2-3ubuntu4",
"1:4.2-3ubuntu5",
"1:4.2-3ubuntu6",
"1:4.2-3ubuntu6.1",
"1:4.2-3ubuntu6.2",
"1:4.2-3ubuntu6.3"
]
}
],
"aliases": [],
"details": "address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.",
"id": "UBUNTU-CVE-2020-13659",
"modified": "2025-09-08T16:46:09Z",
"published": "2020-06-02T13:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13659"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13659"
}
],
"related": [
"USN-4467-1",
"USN-4467-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-13659"
]
}
ubuntu-cve-2020-13754
Vulnerability from osv_ubuntu
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.47+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32",
"2.0.0+dfsg-2ubuntu1.33",
"2.0.0+dfsg-2ubuntu1.34",
"2.0.0+dfsg-2ubuntu1.35",
"2.0.0+dfsg-2ubuntu1.36",
"2.0.0+dfsg-2ubuntu1.38",
"2.0.0+dfsg-2ubuntu1.39",
"2.0.0+dfsg-2ubuntu1.40",
"2.0.0+dfsg-2ubuntu1.41",
"2.0.0+dfsg-2ubuntu1.42",
"2.0.0+dfsg-2ubuntu1.43",
"2.0.0+dfsg-2ubuntu1.44",
"2.0.0+dfsg-2ubuntu1.45",
"2.0.0+dfsg-2ubuntu1.46",
"2.0.0+dfsg-2ubuntu1.47"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.45"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.45?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.45"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10",
"1:2.5+dfsg-5ubuntu10.11",
"1:2.5+dfsg-5ubuntu10.13",
"1:2.5+dfsg-5ubuntu10.14",
"1:2.5+dfsg-5ubuntu10.15",
"1:2.5+dfsg-5ubuntu10.16",
"1:2.5+dfsg-5ubuntu10.20",
"1:2.5+dfsg-5ubuntu10.21",
"1:2.5+dfsg-5ubuntu10.22",
"1:2.5+dfsg-5ubuntu10.24",
"1:2.5+dfsg-5ubuntu10.25",
"1:2.5+dfsg-5ubuntu10.26",
"1:2.5+dfsg-5ubuntu10.28",
"1:2.5+dfsg-5ubuntu10.29",
"1:2.5+dfsg-5ubuntu10.30",
"1:2.5+dfsg-5ubuntu10.31",
"1:2.5+dfsg-5ubuntu10.32",
"1:2.5+dfsg-5ubuntu10.33",
"1:2.5+dfsg-5ubuntu10.34",
"1:2.5+dfsg-5ubuntu10.35",
"1:2.5+dfsg-5ubuntu10.36",
"1:2.5+dfsg-5ubuntu10.37",
"1:2.5+dfsg-5ubuntu10.38",
"1:2.5+dfsg-5ubuntu10.39",
"1:2.5+dfsg-5ubuntu10.40",
"1:2.5+dfsg-5ubuntu10.41",
"1:2.5+dfsg-5ubuntu10.42",
"1:2.5+dfsg-5ubuntu10.43",
"1:2.5+dfsg-5ubuntu10.44"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.11+dfsg-1ubuntu7.31"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.31?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.11+dfsg-1ubuntu7.31"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.10+dfsg-0ubuntu3",
"1:2.10+dfsg-0ubuntu4",
"1:2.10+dfsg-0ubuntu5",
"1:2.11+dfsg-1ubuntu1",
"1:2.11+dfsg-1ubuntu2",
"1:2.11+dfsg-1ubuntu4",
"1:2.11+dfsg-1ubuntu5",
"1:2.11+dfsg-1ubuntu6",
"1:2.11+dfsg-1ubuntu7",
"1:2.11+dfsg-1ubuntu7.1",
"1:2.11+dfsg-1ubuntu7.2",
"1:2.11+dfsg-1ubuntu7.3",
"1:2.11+dfsg-1ubuntu7.4",
"1:2.11+dfsg-1ubuntu7.5",
"1:2.11+dfsg-1ubuntu7.6",
"1:2.11+dfsg-1ubuntu7.7",
"1:2.11+dfsg-1ubuntu7.8",
"1:2.11+dfsg-1ubuntu7.9",
"1:2.11+dfsg-1ubuntu7.10",
"1:2.11+dfsg-1ubuntu7.12",
"1:2.11+dfsg-1ubuntu7.13",
"1:2.11+dfsg-1ubuntu7.14",
"1:2.11+dfsg-1ubuntu7.15",
"1:2.11+dfsg-1ubuntu7.17",
"1:2.11+dfsg-1ubuntu7.18",
"1:2.11+dfsg-1ubuntu7.19",
"1:2.11+dfsg-1ubuntu7.20",
"1:2.11+dfsg-1ubuntu7.21",
"1:2.11+dfsg-1ubuntu7.22",
"1:2.11+dfsg-1ubuntu7.23",
"1:2.11+dfsg-1ubuntu7.25",
"1:2.11+dfsg-1ubuntu7.26",
"1:2.11+dfsg-1ubuntu7.27",
"1:2.11+dfsg-1ubuntu7.28",
"1:2.11+dfsg-1ubuntu7.29"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:4.2-3ubuntu6.4"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:4.2-3ubuntu6.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.2-3ubuntu6.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.0+dfsg-0ubuntu9",
"1:4.0+dfsg-0ubuntu10",
"1:4.2-1ubuntu1",
"1:4.2-1ubuntu2",
"1:4.2-3ubuntu1",
"1:4.2-3ubuntu2",
"1:4.2-3ubuntu3",
"1:4.2-3ubuntu4",
"1:4.2-3ubuntu5",
"1:4.2-3ubuntu6",
"1:4.2-3ubuntu6.1",
"1:4.2-3ubuntu6.2",
"1:4.2-3ubuntu6.3"
]
}
],
"aliases": [],
"details": "hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.",
"id": "UBUNTU-CVE-2020-13754",
"modified": "2025-09-08T16:46:09Z",
"published": "2020-06-02T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13754"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13754"
}
],
"related": [
"USN-4467-1",
"USN-4467-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-13754"
]
}
ubuntu-cve-2020-14364
Vulnerability from osv_ubuntu
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.47+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.47+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32",
"2.0.0+dfsg-2ubuntu1.33",
"2.0.0+dfsg-2ubuntu1.34",
"2.0.0+dfsg-2ubuntu1.35",
"2.0.0+dfsg-2ubuntu1.36",
"2.0.0+dfsg-2ubuntu1.38",
"2.0.0+dfsg-2ubuntu1.39",
"2.0.0+dfsg-2ubuntu1.40",
"2.0.0+dfsg-2ubuntu1.41",
"2.0.0+dfsg-2ubuntu1.42",
"2.0.0+dfsg-2ubuntu1.43",
"2.0.0+dfsg-2ubuntu1.44",
"2.0.0+dfsg-2ubuntu1.45",
"2.0.0+dfsg-2ubuntu1.46",
"2.0.0+dfsg-2ubuntu1.47"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.46"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.46?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.46"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10",
"1:2.5+dfsg-5ubuntu10.11",
"1:2.5+dfsg-5ubuntu10.13",
"1:2.5+dfsg-5ubuntu10.14",
"1:2.5+dfsg-5ubuntu10.15",
"1:2.5+dfsg-5ubuntu10.16",
"1:2.5+dfsg-5ubuntu10.20",
"1:2.5+dfsg-5ubuntu10.21",
"1:2.5+dfsg-5ubuntu10.22",
"1:2.5+dfsg-5ubuntu10.24",
"1:2.5+dfsg-5ubuntu10.25",
"1:2.5+dfsg-5ubuntu10.26",
"1:2.5+dfsg-5ubuntu10.28",
"1:2.5+dfsg-5ubuntu10.29",
"1:2.5+dfsg-5ubuntu10.30",
"1:2.5+dfsg-5ubuntu10.31",
"1:2.5+dfsg-5ubuntu10.32",
"1:2.5+dfsg-5ubuntu10.33",
"1:2.5+dfsg-5ubuntu10.34",
"1:2.5+dfsg-5ubuntu10.35",
"1:2.5+dfsg-5ubuntu10.36",
"1:2.5+dfsg-5ubuntu10.37",
"1:2.5+dfsg-5ubuntu10.38",
"1:2.5+dfsg-5ubuntu10.39",
"1:2.5+dfsg-5ubuntu10.40",
"1:2.5+dfsg-5ubuntu10.41",
"1:2.5+dfsg-5ubuntu10.42",
"1:2.5+dfsg-5ubuntu10.43",
"1:2.5+dfsg-5ubuntu10.44",
"1:2.5+dfsg-5ubuntu10.45"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.11+dfsg-1ubuntu7.32"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.32?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.11+dfsg-1ubuntu7.32"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.10+dfsg-0ubuntu3",
"1:2.10+dfsg-0ubuntu4",
"1:2.10+dfsg-0ubuntu5",
"1:2.11+dfsg-1ubuntu1",
"1:2.11+dfsg-1ubuntu2",
"1:2.11+dfsg-1ubuntu4",
"1:2.11+dfsg-1ubuntu5",
"1:2.11+dfsg-1ubuntu6",
"1:2.11+dfsg-1ubuntu7",
"1:2.11+dfsg-1ubuntu7.1",
"1:2.11+dfsg-1ubuntu7.2",
"1:2.11+dfsg-1ubuntu7.3",
"1:2.11+dfsg-1ubuntu7.4",
"1:2.11+dfsg-1ubuntu7.5",
"1:2.11+dfsg-1ubuntu7.6",
"1:2.11+dfsg-1ubuntu7.7",
"1:2.11+dfsg-1ubuntu7.8",
"1:2.11+dfsg-1ubuntu7.9",
"1:2.11+dfsg-1ubuntu7.10",
"1:2.11+dfsg-1ubuntu7.12",
"1:2.11+dfsg-1ubuntu7.13",
"1:2.11+dfsg-1ubuntu7.14",
"1:2.11+dfsg-1ubuntu7.15",
"1:2.11+dfsg-1ubuntu7.17",
"1:2.11+dfsg-1ubuntu7.18",
"1:2.11+dfsg-1ubuntu7.19",
"1:2.11+dfsg-1ubuntu7.20",
"1:2.11+dfsg-1ubuntu7.21",
"1:2.11+dfsg-1ubuntu7.22",
"1:2.11+dfsg-1ubuntu7.23",
"1:2.11+dfsg-1ubuntu7.25",
"1:2.11+dfsg-1ubuntu7.26",
"1:2.11+dfsg-1ubuntu7.27",
"1:2.11+dfsg-1ubuntu7.28",
"1:2.11+dfsg-1ubuntu7.29",
"1:2.11+dfsg-1ubuntu7.31"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-data",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-gui",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-x86-microvm",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-system-x86-xen",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-user",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:4.2-3ubuntu6.6"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:4.2-3ubuntu6.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:4.2-3ubuntu6.6?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.2-3ubuntu6.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.0+dfsg-0ubuntu9",
"1:4.0+dfsg-0ubuntu10",
"1:4.2-1ubuntu1",
"1:4.2-1ubuntu2",
"1:4.2-3ubuntu1",
"1:4.2-3ubuntu2",
"1:4.2-3ubuntu3",
"1:4.2-3ubuntu4",
"1:4.2-3ubuntu5",
"1:4.2-3ubuntu6",
"1:4.2-3ubuntu6.1",
"1:4.2-3ubuntu6.2",
"1:4.2-3ubuntu6.3",
"1:4.2-3ubuntu6.4",
"1:4.2-3ubuntu6.5"
]
}
],
"aliases": [],
"details": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice \u0027setup_len\u0027 exceeds its \u0027data_buf[4096]\u0027 in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.",
"id": "UBUNTU-CVE-2020-14364",
"modified": "2025-09-08T16:46:11Z",
"published": "2020-08-24T12:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-14364"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2020/08/24/3"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2020/08/24/2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4511-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4467-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
}
],
"related": [
"USN-4511-1",
"USN-4467-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-14364"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.