rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between the two addresses it works with, which allows an attacker to trigger an invalid memory copy operation.
{ "vanir_signatures": [ { "target": { "function": "rom_copy", "file": "hw/core/loader.c" }, "digest": { "length": 806.0, "function_hash": "315737413509995494059465210785208843611" }, "signature_version": "v1", "source": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676", "id": "CVE-2020-13765-52aec4f2", "signature_type": "Function", "deprecated": false }, { "target": { "file": "hw/core/loader.c" }, "digest": { "line_hashes": [ "267339549307449947660949751854151850983", "110132884278840075412521224850424890255", "334845614295670398872123961122288365889", "21360557838413486433886623456299285571" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676", "id": "CVE-2020-13765-65bc6aee", "signature_type": "Line", "deprecated": false } ] }