CVE 2020-25624
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
Related bugs and status
CVE-2020-25624 (Candidate) is related to these bugs:
Bug #1897854: groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1897854 | groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed. | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1897854 | groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed. | qemu (Ubuntu Groovy) | Undecided | Fix Released | ||
Bug #1907656: [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | Ubuntu on IBM z Systems | High | Fix Released | ||
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Groovy) | Undecided | Fix Released | ||
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Hirsute) | Undecided | Fix Released | ||
| 1907656 | [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
Bug #1907789: 2.35.50 breaks ld -no-pie
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1907789 | 2.35.50 breaks ld -no-pie | binutils (Ubuntu) | Undecided | Fix Released | ||
| 1907789 | 2.35.50 breaks ld -no-pie | binutils | Medium | Fix Released | ||
| 1907789 | 2.35.50 breaks ld -no-pie | qemu (Ubuntu) | High | Fix Released | ||
| 1907789 | 2.35.50 breaks ld -no-pie | s390-tools (Ubuntu) | Undecided | Fix Released | ||
| 1907789 | 2.35.50 breaks ld -no-pie | Ubuntu on IBM z Systems | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
