CVE 2020-25085
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_
Related bugs and status
CVE-2020-25085 (Candidate) is related to these bugs:
Bug #1897854: groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1897854 | groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed. | qemu (Ubuntu) | Undecided | Fix Released | ||
1897854 | groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed. | qemu (Ubuntu Groovy) | Undecided | Fix Released |
Bug #1907656: [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu) | Undecided | Fix Released | ||
1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | Ubuntu on IBM z Systems | High | Fix Released | ||
1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Groovy) | Undecided | Fix Released | ||
1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Hirsute) | Undecided | Fix Released | ||
1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Focal) | Undecided | Fix Released |
Bug #1907789: 2.35.50 breaks ld -no-pie
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1907789 | 2.35.50 breaks ld -no-pie | binutils (Ubuntu) | Undecided | Fix Released | ||
1907789 | 2.35.50 breaks ld -no-pie | binutils | Medium | Fix Released | ||
1907789 | 2.35.50 breaks ld -no-pie | qemu (Ubuntu) | High | Fix Released | ||
1907789 | 2.35.50 breaks ld -no-pie | s390-tools (Ubuntu) | Undecided | Fix Released | ||
1907789 | 2.35.50 breaks ld -no-pie | Ubuntu on IBM z Systems | Undecided | Fix Released |
Bug #1907952: qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1907952 | qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0 | QEMU | Undecided | Fix Released | ||
1907952 | qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0 | qemu (Debian) | Unknown | Confirmed | ||
1907952 | qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0 | qemu (Ubuntu) | Undecided | Fix Released |
Bug #1909418: QEMU: Heap Overflow vulnerability in SDHCI Component
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1909418 | QEMU: Heap Overflow vulnerability in SDHCI Component | QEMU | Undecided | Fix Released |
Bug #1913421: Load of pre-upgrade qemu modules needs to avoid noexec
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu) | Undecided | Fix Released | ||
1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu Groovy) | Undecided | Won't Fix | ||
1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu Bionic) | Undecided | Fix Released | ||
1913421 | Load of pre-upgrade qemu modules needs to avoid noexec | qemu (Ubuntu Hirsute) | Undecided | Fix Released |
Bug #1929926: [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1929926 | [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction | qemu (Ubuntu) | Medium | Fix Released | ||
1929926 | [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction | Ubuntu on IBM z Systems | Wishlist | Fix Released | ||
1929926 | [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction | qemu (Ubuntu Focal) | Wishlist | Fix Released | ||
1929926 | [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction | qemu (Ubuntu Hirsute) | Wishlist | Fix Released |
Bug #1932264: qemu 6.0 breaks libvirt <7.2
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1932264 | qemu 6.0 breaks libvirt <7.2 | libvirt (Ubuntu) | Undecided | Fix Released | ||
1932264 | qemu 6.0 breaks libvirt <7.2 | qemu (Ubuntu) | Undecided | Fix Released |
Bug #1935617: systemd autopkgtest broken on ppc64el with qemu 6.0
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1935617 | systemd autopkgtest broken on ppc64el with qemu 6.0 | qemu (Ubuntu) | Undecided | Fix Released | ||
1935617 | systemd autopkgtest broken on ppc64el with qemu 6.0 | systemd (Ubuntu) | Undecided | Invalid | ||
1935617 | systemd autopkgtest broken on ppc64el with qemu 6.0 | The Ubuntu-power-systems project | High | Fix Released |
See the
CVE page on Mitre.org
for more details.