VDB

CVE-2020-13253

CVE-2020-13253 PUBLISHED

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

EPSS 0.12% · 30.0th percentile

Risk Scores

EPSS Score
0.12%
30.0th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSqemu0, 1:4.0+dfsg-0ubuntu10, 1:4.2-1ubuntu2
Ubuntu:Pro:14.04:LTSqemu1.7.0+dfsg-3ubuntu6, 1.7.0+dfsg-3ubuntu7, 2.0.0~rc1+dfsg-0ubuntu1
Ubuntu:16.04:LTSqemu*, 0, *
Ubuntu:18.04:LTSqemu0, 1:2.10+dfsg-0ubuntu3, 1:2.10+dfsg-0ubuntu4

Timeline

  • May 26, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›