CVE-2020-11947
Published: December 31, 2020Last modified: November 8, 2023
Description
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.8 |
Attack Vector | LOCAL |
Attack complexity | LOW |
Privileges required | LOW |
User interaction | NONE |
Scope | CHANGED |
Confidentiality | LOW |
Integrity impact | NONE |
Availability impact | NONE |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | 23 LTS | qemu | Not affected (7.1.0-r4) |
Stream | qemu | Not affected (8.0.4-r0) |