CVE-2020-13253

NameCVE-2020-13253
Descriptionsd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2373-1, DLA-3099-1
Debian Bugs961297

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)bullseye1:5.2+dfsg-11+deb11u3fixed
bullseye (security)1:5.2+dfsg-11+deb11u4fixed
bookworm1:7.2+dfsg-7+deb12u12fixed
sid, trixie1:10.0.0+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusourcestretch1:2.8+dfsg-6+deb9u11DLA-2373-1
qemusourcebuster1:3.1+dfsg-8+deb10u9DLA-3099-1
qemusource(unstable)1:5.0-8961297

Notes

https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
https://www.openwall.com/lists/oss-security/2020/05/27/2
https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer)
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1)
Search for package or bug name: Reporting problems