From: Marc Deslauriers
Date: Feb 19, 2020 1:51AM
Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU
incorrectly handled iSCSI server responses. A remote attacker in control of
the iSCSI server could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code. (CVE-2020-1711)
It was discovered that the QEMU libslirp component incorrectly handled
memory. A remote attacker could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-7039, CVE-2020-8608)
References:
https://usn.ubuntu.com/4283-1
CVE-2020-1711, CVE-2020-7039, CVE-2020-8608
沒有留言:
張貼留言