N/A

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

N/A

内存缓冲区边界内操作的限制不恰当

QEMU 缓冲区错误漏洞

QEMU（Quick Emulator）是法国法布里斯-贝拉（Fabrice Bellard）个人开发者的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU 存在缓冲区错误漏洞，攻击者可利用该漏洞触发内存损坏，从而触发拒绝服务，并可能在主机系统上运行代码。

N/A

N/A