CVE-2020-15863
MEDIUMQEMU < 5.0.0 - Buffer Overflow in XGMAC Ethernet Controller
Title source: llmDescription
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
References (8)
Core 8
Core References
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html
Mailing List, Patch, Third Party Advisory x_refsource_confirm
http://www.openwall.com/lists/oss-security/2020/07/22/1
Patch x_refsource_confirm
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4467-1/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2020/dsa-4760
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202208-27
Scores
CVSS v3
5.3
EPSS
0.0012
EPSS Percentile
30.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Details
CWE
CWE-787
Status
published
Products (6)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
20.04
debian/debian_linux
10.0
qemu/qemu
5.1.0 rc0
qemu/qemu
< 5.0.0
Published
Jul 28, 2020
Tracked Since
Feb 18, 2026