CVE-2020-11947 — LOW (3.8) — White Hats Nepal

Vulnerability Description

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

CVSS Score

3.8

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Qemu	Qemu	4.1.0

Related Weaknesses (CWE)

CWE-125

References

http://www.openwall.com/lists/oss-security/2021/01/13/4Mailing ListPatchThird Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a
https://security.netapp.com/advisory/ntap-20210212-0001/Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/01/13/4Mailing ListPatchThird Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a
https://security.netapp.com/advisory/ntap-20210212-0001/Third Party Advisory

FAQ

What is CVE-2020-11947?

CVE-2020-11947 is a vulnerability with a CVSS score of 3.8 (LOW). iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

How severe is CVE-2020-11947?

CVE-2020-11947 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11947?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu.