Home > Vulnerability Database > CVE-2020-11947

Mend.io Vulnerability Database

CVE-2020-11947

Good to know:

Date: December 30, 2020

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. After conducting further research, Mend has determined that all versions of qemu up to version v5.0.0 are vulnerable to CVE-2020-11947.

Language: C

Severity Score

3.8

Related Resources (9)

Url: https://security-tracker.debian.org/tracker/CVE-2020-11947

Url: http://www.openwall.com/lists/oss-security/2021/01/13/4

Url: https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5

Url: https://security.netapp.com/advisory/ntap-20210212-0001/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11947

Url: https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-11947

Url: https://access.redhat.com/security/cve/CVE-2020-11947

Url: https://www.mend.io/vulnerability-database/CVE-2020-11947

Severity Score

3.8

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	3.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-11947

Good to know:

Date: December 30, 2020

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?