« List of all CVEs

CVE-2020-13253

Published: 5/27/2020 Last updated: 8/4/2024 Reserved: 5/21/2020

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product Vendor Version
n/a n/a <= *

References (14)