Out-of-Bounds Read Vulnerability in QEMU's megasas_lookup_frame Function

Out-of-Bounds Read Vulnerability in QEMU's megasas_lookup_frame Function

CVE-2020-13362 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

Learn more about our User Device Pen Test.