低危 QEMU缓冲区溢出漏洞
CVE编号
CVE-2020-14364利用情况
暂无补丁情况
官方补丁披露时间
2020-09-01漏洞描述
在5.2.0之前的版本中,QEMU的USB仿真器中发现了超出范围的读/写访问漏洞。在do_token_in,do_token_out例程中USBDevice'setup_len'超过其'data_buf [4096]'时,处理guest的USB数据包时会发生此问题。此缺陷使来宾用户可以使QEMU进程崩溃,从而导致拒绝服务,或可能在主机上利用QEMU进程的特权执行任意代码。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:http://xenbits.xen.org/xsa/advisory-335.html受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | qemu | qemu | * | Up to (excluding) 5.2.0 | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | openstack | 10 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | openstack | 13 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | alibaba_cloud_linux_2.1903 | qemu-kvm-tools | * | Up to (excluding) 2.12.0-48.1.al7.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | xen | * | Up to (excluding) 4.12.3-r3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | xen | * | Up to (excluding) 4.13.1-r3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | qemu | * | Up to (excluding) 4.13.1-r3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | qemu | * | Up to (excluding) 5.1.0-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | qemu | * | Up to (excluding) 5.1.0-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | qemu | * | Up to (excluding) 5.1.0-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.16 | qemu | * | Up to (excluding) 5.1.0-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.17 | qemu | * | Up to (excluding) 5.1.0-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.18 | qemu | * | Up to (excluding) 5.1.0-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.9 | xen | * | Up to (excluding) 4.11.4-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | xen | * | Up to (excluding) 4.13.1-r5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | qemu | * | Up to (excluding) 3.1.0-8.amzn2.0.5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_AMI | qemu-kvm | * | Up to (excluding) 1.5.3-156.24.amzn1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_6 | qemu-kvm-tools | * | Up to (excluding) 0.12.1.2-2.506.el6_10.8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_7 | qemu-kvm | * | Up to (excluding) 1.5.3-175.el7_9.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | libvirt-daemon-driver-nodedev | * | Up to (excluding) 1.38.4-15.module+el8.2.0+5297+222a20af | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | qemu | * | Up to (excluding) 1:3.1+dfsg-8+deb10u8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | qemu | * | Up to (excluding) 1:5.1+dfsg-4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | qemu | * | Up to (excluding) 1:5.1+dfsg-4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | qemu | * | Up to (excluding) 1:2.8+dfsg-6+deb9u11 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | qemu | * | Up to (excluding) 1:5.1+dfsg-4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | xen | * | Up to (excluding) 4.12.3-4.fc31 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_32 | xen-runtime | * | Up to (excluding) 4.13.1-5.fc32 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_loongarch64_V10SP1 | qemu-guest-agent | * | Up to (excluding) 4.2.0-34.8.p05.a.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10 | qemu-img | * | Up to (excluding) 1.5.3-175.el7_9.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | qemu-seabios | * | Up to (excluding) 4.2.1-lp152.9.6.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.3 | qemu-seabios | * | Up to (excluding) 5.2.0-17.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_6 | oraclelinux-release | * | Up to (excluding) 0.12.1.2-2.506.el6_10.8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_7 | oraclelinux-release | * | Up to (excluding) 4.2.1-4.el7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | libvirt-daemon-driver-storage-gluster | * | Up to (excluding) 4.5.0-42.0.1.module+el8.2.0+5598+5fbb295f | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_6 | qemu-guest-agent | * | Up to (excluding) 2:0.12.1.2-2.506.el6_10.8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_7 | qemu-img | * | Up to (excluding) 1.5.3-175.el7_9.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | libvirt-daemon-driver-nodedev | * | Up to (excluding) 1.38.4-15.module+el8.2.0+5297+222a20af | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | xen | * | Up to (excluding) 3.1.1.1-45.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04 | qemu | * | Up to (excluding) 1:2.5+dfsg-5ubuntu10.46 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04.7_lts | qemu | * | Up to (excluding) 1:2.5+dfsg-5ubuntu10.46 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04 | qemu | * | Up to (excluding) 1:2.11+dfsg-1ubuntu7.32 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04.5_lts | qemu | * | Up to (excluding) 1:2.11+dfsg-1ubuntu7.32 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_20.04 | qemu | * | Up to (excluding) 1:4.2-3ubuntu6.6 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_21.04 | qemu | * | Up to (excluding) 1:5.0-5ubuntu9 | |||||
- 攻击路径 本地
- 攻击复杂度 困难
- 权限要求 管控权限
- 影响范围 越权影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
| CWE-ID | 漏洞类型 |
| CWE-125 | 跨界内存读 |
| CWE-787 | 跨界内存写 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论