Bugzilla – Bug 1214732
VUL-0: DISPUTED: CVE-2020-24165: qemu: TCG Accelerator in QEMU allows local attackers to execute arbitrary code
Last modified: 2023-09-18 08:15:51 UTC
CVE-2020-24165 An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24165
https://www.cve.org/CVERecord?id=CVE-2020-24165
https://bugs.launchpad.net/qemu/+bug/1863025
https://pastebin.com/iqCbjdT8
patch looks to be: https://gitlab.com/qemu-project/qemu/-/commit/886cc68943eb
Hi, it does not make a lot of sense for a CVE to be assigned to a TCG bug. TCG is not security supported, neither upstream, nor downstream.

For upstream, see: https://qemu-project.gitlab.io/qemu/system/security.html

"Non-virtualization Use Case

The non-virtualization use case covers emulation using the Tiny Code Generator (TCG). In principle the TCG and device emulation code used in conjunction with the non-virtualization use case should meet the same security requirements as the virtualization use case. However, for historical reasons much of the non-virtualization use case code was not written with these security requirements in mind.

Bugs affecting the non-virtualization use case are not considered security bugs at this time. Users with non-virtualization use cases must not rely on QEMU to provide guest isolation or any security guarantees."

Downstream, this is documented in our SLE documentation: https://documentation.suse.com/sles/15-SP5/single-html/SLES-virtualization/#cha-virt-support

I have already proposed making it more prominent in our docs. It is also mentioned in our supported.x86.txt that we distribute with the package. In the future, we will try not to distribute this part of functionality where technically possible at all.
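The practical consequence of the comment above is that an administrator should know which guests are actually running under TCG, since those get no isolation guarantee. The following script is an added example, not code from this bug report, from QEMU or from SUSE. It flags TCG guests from two sources an administrator already has: libvirt domain XML, where `<domain type='kvm'>` denotes a KVM-accelerated guest and `type='qemu'` denotes TCG, and raw QEMU command lines, where `-accel tcg`, `-machine ...,accel=tcg`, or no accelerator flag at all (upstream QEMU's default is TCG) means the guest is emulated. The domain XML and command lines below are constructed samples; the helper names are my own.

```python
"""Flag QEMU guests that run under TCG instead of a hardware accelerator.

Added example; not part of the bug report, QEMU or SUSE. Sample inputs are
constructed. A guest whose libvirt domain type is 'qemu', whose command line
asks for '-accel tcg' / 'accel=tcg', lists tcg as a fallback ('accel=kvm:tcg'),
or names no accelerator at all (upstream default: TCG) is reported.
"""
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML: one KVM guest, one TCG guest.
SAMPLE_DOMAINS = {
    "web01": "<domain type='kvm'><name>web01</name></domain>",
    "ci-runner": "<domain type='qemu'><name>ci-runner</name></domain>",
}

# Constructed QEMU command lines, as a process listing might show them.
SAMPLE_CMDLINES = [
    "qemu-system-x86_64 -name guest=web01 -accel kvm -m 2048",
    "qemu-system-x86_64 -name guest=ci-runner -machine pc,accel=tcg -m 1024",
    "qemu-system-aarch64 -name guest=fw-test -machine virt -m 512",
]


def domain_uses_tcg(domain_xml: str) -> bool:
    """True when the libvirt <domain type=...> is 'qemu', i.e. TCG emulation."""
    root = ET.fromstring(domain_xml)
    return root.get("type", "").lower() == "qemu"


def cmdline_accelerator(cmdline: str) -> str:
    """Return the accelerator spec a QEMU command line requests.

    Later flags override earlier ones. A colon-separated list such as
    'kvm:tcg' is returned verbatim because QEMU falls back along it.
    If nothing is requested, 'tcg' is returned (upstream default).
    """
    args = shlex.split(cmdline)
    accel = None
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if arg == "-accel":
            accel = nxt.split(",")[0]          # '-accel kvm,kernel-irqchip=on'
        elif arg in ("-machine", "-M"):
            m = re.search(r"(?:^|,)accel=([^,]+)", nxt)
            if m:
                accel = m.group(1)
        elif arg == "-enable-kvm":
            accel = "kvm"
    return (accel or "tcg").lower()


def cmdline_uses_tcg(cmdline: str) -> bool:
    """True when TCG is the requested accelerator or appears as a fallback."""
    return "tcg" in cmdline_accelerator(cmdline).split(":")


def guest_name(cmdline: str) -> str:
    """Extract the guest name from '-name guest=NAME,...' or '-name NAME'."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg == "-name" and i + 1 < len(args):
            for part in args[i + 1].split(","):
                if part.startswith("guest="):
                    return part[len("guest="):]
            return args[i + 1].split(",")[0]
    return "<unnamed>"


def tcg_guests(domains: dict, cmdlines: list) -> list:
    """Names of guests that run (or may fall back to) TCG, in discovery order."""
    flagged = []
    for name, xml_text in domains.items():
        if domain_uses_tcg(xml_text) and name not in flagged:
            flagged.append(name)
    for cmdline in cmdlines:
        if cmdline_uses_tcg(cmdline):
            name = guest_name(cmdline)
            if name not in flagged:
                flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in tcg_guests(SAMPLE_DOMAINS, SAMPLE_CMDLINES):
        print(f"{name}: runs under TCG; no guest isolation guarantee")
```

On a real host the two inputs come from `virsh dumpxml NAME` and from the QEMU process command lines; the fallback case (`accel=kvm:tcg`) is reported deliberately, because a guest that silently drops to TCG when /dev/kvm is unavailable ends up in exactly the unsupported configuration the comment describes.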
turned into regular bug https://bugzilla.suse.com/show_bug.cgi?id=1214755