CVE Vulnerabilities

CVE-2020-13659

NULL Pointer Dereference

Published: Jun 02, 2020 | Modified: Nov 21, 2024
CVSS 3.x
2.5
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
2.5 LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
Ubuntu
LOW
root.io logo minimus.io logo echo.ai logo

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

NameVendorStart VersionEnd Version
QemuQemu4.2.0 (including)4.2.0 (including)
QemuUbuntubionic*
QemuUbuntueoan*
QemuUbuntuesm-infra-legacy/trusty*
QemuUbuntuesm-infra-legacy/xenial*
QemuUbuntuesm-infra/bionic*
QemuUbuntuesm-infra/focal*
QemuUbuntuesm-infra/xenial*
QemuUbuntufocal*
QemuUbuntutrusty*
QemuUbuntutrusty/esm*
QemuUbuntuxenial*
Qemu-kvmUbuntuprecise/esm*

Potential Mitigations

References