Bugzilla – Bug 1176810
VUL-1: CVE-2020-25741: kvm,qemu: fdc: null pointer dereference during r/w data transfer
Last modified: 2023-03-08 04:23:21 UTC
CVE-2020-25741: A null pointer dereference issue was found in the Floppy disk emulator of QEMU. It could occur while transferring data via the fdctrl_read_data() and fdctrl_write_data() routines, if the current drive has a null block pointer. A guest may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.
References:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
https://bugzilla.redhat.com/show_bug.cgi?id=1881401
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25741
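The condition described above, as an added illustration that is not QEMU's code: a constructed model of the fdc state in which the selected drive's block backend pointer (here `blk`, a stand-in for the real field) may be NULL, and data-transfer routines that refuse the transfer in that case instead of dereferencing the pointer. The struct names and helper functions are assumptions made for this example only.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model only; these are not QEMU's real FDrive/FDCtrl/BlockBackend. */
#define SECTOR_LEN 512

typedef struct {
    uint8_t sector[SECTOR_LEN];   /* one sector of backing storage */
} BlockBackend;

typedef struct {
    BlockBackend *blk;            /* NULL when the drive has no block backend */
} FDrive;

typedef struct {
    FDrive drives[2];
    int cur_drv;                  /* index of the currently selected drive */
    uint8_t fifo[SECTOR_LEN];     /* data FIFO exposed to the guest */
    size_t fifo_len;
} FDCtrl;

/* Read one sector from the selected drive into the FIFO.
 * Returns bytes transferred, or -1 if the drive has no backend:
 * the null-block-pointer case is checked before any dereference. */
static int fdctrl_read_data_model(FDCtrl *fdctrl)
{
    FDrive *cur_drv = &fdctrl->drives[fdctrl->cur_drv];
    if (cur_drv->blk == NULL) {
        return -1;                /* hardened path: no medium, no transfer */
    }
    memcpy(fdctrl->fifo, cur_drv->blk->sector, SECTOR_LEN);
    fdctrl->fifo_len = SECTOR_LEN;
    return SECTOR_LEN;
}

/* Write guest-supplied bytes to the selected drive, with the same check. */
static int fdctrl_write_data_model(FDCtrl *fdctrl, const uint8_t *src, size_t len)
{
    FDrive *cur_drv = &fdctrl->drives[fdctrl->cur_drv];
    if (cur_drv->blk == NULL || len > SECTOR_LEN) {
        return -1;
    }
    memcpy(cur_drv->blk->sector, src, len);
    return (int)len;
}

/* Build a controller whose drive 0 has a backend and drive 1 does not. */
static FDCtrl make_fdctrl(BlockBackend *bb)
{
    FDCtrl c;
    memset(&c, 0, sizeof c);
    c.drives[0].blk = bb;
    c.drives[1].blk = NULL;
    return c;
}
```

Without the `cur_drv->blk == NULL` guard, selecting drive 1 and triggering a transfer would dereference NULL and take down the emulator process, which is the DoS outcome the description refers to.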
Affects all supported code streams. The code in qemu-1.4.2 and older is slightly different, but also lacks the null pointer check.
This issue is rather old, and the proposed patch never made it upstream, nor was it replaced/superseded by any other one (i.e., the upstream code is still there and still looks the same as it did back then, without this patch). Shall we close it?