Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2020-15863 First vendor Publication 2020-07-28
Vendor Cve Last vendor Modification 2020-10-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Overall CVSS Score 7.9
Base Score 7.9 Environmental Score 7.9
impact SubScore 5.3 Temporal Score 7.9
Exploitabality Sub Score 2
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Changed Confidentiality Impact Low
Integrity Impact Low Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15863

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 229
Os 3
Os 1

Sources (Detail)

Source Url
CONFIRM http://www.openwall.com/lists/oss-security/2020/07/22/1
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c6...
DEBIAN https://www.debian.org/security/2020/dsa-4760
MISC https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html
UBUNTU https://usn.ubuntu.com/4467-1/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2020-10-15 21:23:07
  • Multiple Updates
2020-10-13 12:28:53
  • Multiple Updates
2020-10-01 12:27:38
  • Multiple Updates
2020-09-10 21:23:12
  • Multiple Updates
2020-09-09 21:23:07
  • Multiple Updates
2020-09-09 09:22:44
  • Multiple Updates
2020-09-08 17:22:54
  • Multiple Updates
2020-09-07 17:22:48
  • Multiple Updates
2020-09-02 17:23:12
  • Multiple Updates
2020-07-29 21:23:17
  • Multiple Updates
2020-07-28 21:23:02
  • First insertion