oss-sec mailing list archives
CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure
From: Mauro Matteo Cascella <mcascell () redhat com>
Date: Wed, 13 Jan 2021 15:42:17 +0100
Hello all, A heap buffer overflow was found in the QEMU block driver for iSCSI images. This flaw could lead to an out-of-bounds read access and possible information disclosure from the QEMU process memory to a malicious guest. The highest threat from this vulnerability is to data confidentiality. Upstream fix: https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 CVE-2020-11947 was assigned to this issue by MITRE Corporation. Best regards. -- Mauro Matteo Cascella Red Hat Product Security PGP-Key ID: BB3410B0
Current thread:
- CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure Mauro Matteo Cascella (Jan 13)