Out-of-Bounds Write Vulnerability in QEMU's Memory Management API

Out-of-Bounds Write Vulnerability in QEMU's Memory Management API

CVE-2020-27821 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.

Learn more about our Api Penetration Testing.