Bug 2235745 (CVE-2020-24165) - CVE-2020-24165 QEMU: use-after-free in TCG accelerator can lead to local privilege escalation
Summary: CVE-2020-24165 QEMU: use-after-free in TCG accelerator can lead to local priv...
Keywords:
Status: NEW
Alias: CVE-2020-24165
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2235746 2235747 2235748 2235749 2235750 2235751 2235752
Blocks: 2235755
Reported: 2023-08-29 15:36 UTC by Marian Rehak
Modified: 2023-08-31 14:27 UTC (History)

Fixed In Version: qemu 5.0.0-rc0
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free vulnerability was found in the Tiny Code Generator (TCG) accelerator in QEMU, where the TCG-generated code can reside in the same memory region as the translation block (TB) data structure. This flaw allows an attacker to overwrite the freed (use-after-free) pointer with code produced by TCG and rewrite key pointer values, possibly leading to local privilege escalation and enabling code execution on the host outside of the TCG sandbox.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Marian Rehak 2023-08-29 15:36:55 UTC
An issue was discovered in the TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).

https://bugs.launchpad.net/qemu/+bug/1863025
https://pastebin.com/iqCbjdT8

