Note:
This project will be discontinued after December 13, 2021. [more]
2020-06-02
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
| Products | Ubuntu_linux, Debian_linux, Qemu |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
• https://security.netapp.com/advisory/ntap-20200608-0007/ • http://www.openwall.com/lists/oss-security/2020/06/01/6 • https://usn.ubuntu.com/4467-1/ • http://www.openwall.com/lists/oss-security/2020/06/15/8 |