iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/01/13/4 | Mailing List Patch Third Party Advisory |
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 | |
https://security.netapp.com/advisory/ntap-20210212-0001/ | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
18 Feb 2021, 14:40
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/01/13/4 - Mailing List, Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210212-0001/ - Third Party Advisory |
12 Feb 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jan 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jan 2021, 20:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 3.8 |
05 Jan 2021, 18:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:qemu:qemu:4.1.0:-:*:*:*:*:*:* | |
CWE | CWE-125 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
31 Dec 2020, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2020-12-31 01:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-11947
Mitre link : CVE-2020-11947
CVE.ORG link : CVE-2020-11947
JSON object : View
Products Affected
qemu
- qemu
CWE
CWE-125
Out-of-bounds Read