CVE-2020-29130

Public on 2020-11-26
Modified on 2021-06-22
Description
An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets, if the packet length was shorter than required to accommodate respective protocol headers and payload. A privileged guest user may use this flaw to potentially leak host information bytes.
Severity
Low severity
Low
CVSS v3 Base Score
2.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core qemu 2021-06-16 ALAS2-2021-1671 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
NVD CVSSv2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N
NVD CVSSv3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N