Note:
This project will be discontinued after December 13, 2021. [more]
2020-05-27
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
| Products | Ubuntu_linux, Debian_linux, Qemu |
| Type | Out-of-bounds Read (CWE-125) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
• https://usn.ubuntu.com/4467-1/ • https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html • https://bugzilla.redhat.com/show_bug.cgi?id=1838546 • https://security.gentoo.org/glsa/202011-09 |