VDB

CVE-2020-24352

CVE-2020-24352 PUBLISHED

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

EPSS 0.14% · 33.4th percentile

Risk Scores

EPSS Score
0.14%
33.4th percentile

Affected Products

VendorProductVersions
Ubuntu:25.10qemu1:9.2.1+ds-1ubuntu5, 1:10.0.2+ds-1ubuntu1, 1:10.0.2+ds-1ubuntu2
Ubuntu:22.04:LTSqemu1:6.2+dfsg-2ubuntu6.5, 1:6.2+dfsg-2ubuntu6.6, 1:6.2+dfsg-2ubuntu6.9
Ubuntu:24.04:LTSqemu*, 1:8.0.4+dfsg-1ubuntu4, 1:8.0.4+dfsg-1ubuntu5
Ubuntu:20.04:LTSqemu1:4.2-3ubuntu6.16, 1:4.2-3ubuntu6.17, 1:4.2-3ubuntu6.18

Timeline

  • Oct 12, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›