Bug 1176811 - (CVE-2020-25743) VUL-1: CVE-2020-25743: kvm,qemu: ide: null pointer dereference while cancelling i/o operation
(CVE-2020-25743)
VUL-1: CVE-2020-25743: kvm,qemu: ide: null pointer dereference while cancelli...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Dario Faggioli
Security Team bot
https://smash.suse.de/issue/268005/
CVSSv3.1:SUSE:CVE-2020-25743:4.4:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-09-22 13:08 UTC by Wolfgang Frisch
Modified: 2021-11-30 12:55 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2020-09-22 13:08:48 UTC
CVE-2020-25743

A null pointer dereference issue was found in the IDE disk emulator of QEMU. It could occur while cancelling an i/o operation via ide_cancel_dma_sync() routine, if a block drive pointer is null. A guest may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

References:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
https://bugzilla.redhat.com/show_bug.cgi?id=1881409
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743
Comment 1 Wolfgang Frisch 2020-09-22 15:06:34 UTC
SUSE:SLE-11:Update      qemu  Not affected [1]
SUSE:SLE-11-SP1:Update  kvm   Not affected [1]
SUSE:SLE-11-SP3:Update  kvm   Not affected [1]
SUSE:SLE-11-SP4:Update  kvm   Not affected [1]
SUSE:SLE-12-SP2:Update  qemu  Affected
SUSE:SLE-12-SP3:Update  qemu  Affected
SUSE:SLE-12-SP4:Update  qemu  Affected
SUSE:SLE-12-SP5:Update  qemu  Affected
SUSE:SLE-15:Update      qemu  Affected
SUSE:SLE-15-SP1:Update  qemu  Affected
SUSE:SLE-15-SP2:Update  qemu  Affected

[1] Not reproducible.
Comment 2 Gianluca Gabrielli 2021-04-02 11:45:26 UTC
Hi team, do you have any update on this?
Comment 3 José Ricardo Ziviani 2021-05-25 20:06:53 UTC
(In reply to Gianluca Gabrielli from comment #2)
> Hi team, do you have any update on this?

The patch[1] hasn't have any update since Sep 30, 2020. I'll monitor it.