CVE-2020-27821

Summary

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.

Affected Software

VendorProductVersion RangeStatus
n/aQEMUprior to 5.2.0affected

Weaknesses

  • CWE-787: CWE-787->CWE-122

ADP Enrichment

CVE Program Container

Additional References

References