CVE-2020-13253

NameCVE-2020-13253
Descriptionsd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2373-1
NVD severitylow
Debian Bugs961297

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)stretch1:2.8+dfsg-6+deb9u9vulnerable
stretch (security)1:2.8+dfsg-6+deb9u12fixed
buster, buster (security)1:3.1+dfsg-8+deb10u8vulnerable
bullseye, sid1:5.1+dfsg-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusourcestretch1:2.8+dfsg-6+deb9u11DLA-2373-1
qemusource(unstable)1:5.0-8961297

Notes

[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
https://www.openwall.com/lists/oss-security/2020/05/27/2
https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer)
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1)

Search for package or bug name: Reporting problems