Bug 2235745 (CVE-2020-24165)
Summary: | CVE-2020-24165 QEMU: use-after-free in TCG accelerator can lead to local privilege escalation | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | ddepaula, jen, jferlan, jmaloy, knoel, mkenneth, mrezanin, mst, pbonzini, virt-maint, ymankad |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | qemu 5.0.0-rc0 | Doc Type: | If docs needed, set a value |
Doc Text: | A use-after-free vulnerability was found in the Tiny Code Generator (TCG) Accelerator in QEMU, where the TCG-generated code can be in the same memory as the TB data structure. This flaw allows attackers to overwrite the UAF pointer with code produced from TCG and rewrite key pointer values, possibly leading to local privilege escalation and enabling code execution on the host outside of the TCG sandbox. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2235746, 2235747, 2235748, 2235749, 2235750, 2235751, 2235752 | ||
Bug Blocks: | 2235755 |
Description
Marian Rehak
2023-08-29 15:36:55 UTC