CVE-2020-15863 - OpenCVE

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Canonical	Ubuntu Linux
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:5.1.0:rc0::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/07/22/1	Mailing List Patch Third Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html	Mailing List Patch Third Party Advisory
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html	Mailing List Patch Third Party Advisory
https://security.gentoo.org/glsa/202208-27	Third Party Advisory
https://usn.ubuntu.com/4467-1/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4760	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-28T15:40:29

Updated: 2022-08-14T19:06:51

Reserved: 2020-07-21T00:00:00

Link: CVE-2020-15863

JSON object: View

NVD Information

Status : Modified

Published: 2020-07-28T16:15:12.777

Modified: 2023-11-07T03:17:56.230

Link: CVE-2020-15863

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-14T19:06:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2020/07/22/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html"}, {"name": "USN-4467-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4467-1/"}, {"name": "DSA-4760", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4760"}, {"name": "openSUSE-SU-2020:1664", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"}, {"name": "GLSA-202208-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-27"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15863", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html", "refsource": "MISC", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html"}, {"name": "http://www.openwall.com/lists/oss-security/2020/07/22/1", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2020/07/22/1"}, {"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c60b4468e4555", "refsource": "CONFIRM", "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c60b4468e4555"}, {"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html", "refsource": "MISC", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html"}, {"name": "USN-4467-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4467-1/"}, {"name": "DSA-4760", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4760"}, {"name": "openSUSE-SU-2020:1664", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"}, {"name": "GLSA-202208-27", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-27"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15863", "datePublished": "2020-07-28T15:40:29", "dateReserved": "2020-07-21T00:00:00", "dateUpdated": "2022-08-14T19:06:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "44E5B5EB-DF88-46F0-A767-BD3E1B452DBE", "versionEndIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:5.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "23B62009-5A2D-4362-B698-D07FA6484307", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555."}, {"lang": "es", "value": "El archivo hw/net/xgmac.c en el controlador Ethernet XGMAC en QEMU antes del 20/07/2020, presenta un desbordamiento de b\u00fafer. Esto ocurre durante la transmisi\u00f3n de paquetes y afecta a las m\u00e1quinas emuladas highbank y midway. Un usuario o proceso invitado podr\u00eda usar este fallo para bloquear el proceso QEMU en el host, resultando en una denegaci\u00f3n de servicio o una posible ejecuci\u00f3n de c\u00f3digo privilegiado. Esto se corrigi\u00f3 en commit 5519724a13664b43e225ca05351c60b4468e4555"}], "id": "CVE-2020-15863", "lastModified": "2023-11-07T03:17:56.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-28T16:15:12.777", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/07/22/1"}, {"source": "cve@mitre.org", "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-27"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4467-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4760"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}