Out-of-bounds Write
CVE-2020-17380
Summary
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the "sdhci_sdma_transfer_multi_blocks()" routine in "hw/sd/sdhci.c". A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
- LOW
- LOCAL
- LOW
- CHANGED
- NONE
- LOW
- LOW
- LOW
CWE-787 - Out-of-Bounds Write
Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.
Advisory Timeline
- Published
