CVE-2020-1711

7.7 HIGH

📋 TL;DR

This vulnerability allows remote attackers to trigger an out-of-bounds heap buffer access in QEMU's iSCSI Block driver, potentially causing denial of service or arbitrary code execution with QEMU process privileges. It affects QEMU versions 2.12.0 through 4.2.0 when using iSCSI storage. Organizations running virtualized environments with iSCSI storage are primarily affected.

💻 Affected Systems

Products:
  • QEMU
Versions: 2.12.0 through 4.2.0
Operating Systems: Linux distributions with QEMU packages, Windows with QEMU
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using iSCSI block storage backend. Default QEMU configurations without iSCSI are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with QEMU process privileges on the host system, potentially leading to full host compromise and lateral movement within the virtualization environment.

🟠 Likely Case

Denial of service through QEMU process crash, disrupting virtual machines using iSCSI storage and causing service interruptions.

🟢 If Mitigated

Limited impact if iSCSI storage is not used or if network segmentation prevents access to iSCSI ports from untrusted networks.

🌐 Internet-Facing: MEDIUM - Requires iSCSI storage configuration and network exposure; not all QEMU deployments use iSCSI or expose it externally.
🏢 Internal Only: HIGH - Internal attackers or compromised systems could exploit this if iSCSI storage is used within the environment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to the iSCSI server and knowledge of iSCSI operations. No public exploit code was found in the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QEMU 4.2.1 and later

Vendor Advisory: https://access.redhat.com/errata/RHSA-2020:0669

Restart Required: Yes

Instructions:

1. Update QEMU to version 4.2.1 or later.
2. For Red Hat systems: yum update qemu-kvm.
3. Restart all affected virtual machines and QEMU processes.

🔧 Temporary Workarounds

Disable iSCSI Storage

Platform: all

Remove or disable iSCSI block storage backends in QEMU configurations:

  • Edit QEMU configuration files to remove '-drive file=iscsi://...' options
  • Replace iSCSI storage with local or other storage types

Network Segmentation

Platform: linux

Restrict network access to iSCSI ports (default TCP 3260) from untrusted networks:

# accept iSCSI (TCP 3260) only from the trusted network (replace trusted_network with its address or CIDR)
iptables -A INPUT -p tcp --dport 3260 -s trusted_network -j ACCEPT
# drop all other connections to the iSCSI port
iptables -A INPUT -p tcp --dport 3260 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate iSCSI traffic to trusted networks only
  • Monitor for abnormal iSCSI traffic patterns and QEMU process crashes

🔍 How to Verify

Check if Vulnerable:

Check the QEMU version with qemu-system-x86_64 --version | grep 'version' and verify whether it falls between 2.12.0 and 4.2.0. Then check whether iSCSI storage is configured (for example, '-drive file=iscsi://...' options on QEMU command lines).

Check Version:

qemu-system-x86_64 --version | head -1

Verify Fix Applied:

Verify QEMU version is 4.2.1 or later: qemu-system-x86_64 --version. Check that no regression in iSCSI functionality occurs.

📡 Detection & Monitoring

Log Indicators:

  • QEMU process crashes with segmentation faults
  • Abnormal iSCSI connection attempts in system logs
  • Kernel logs showing memory corruption errors

Network Indicators:

  • Unusual iSCSI traffic patterns to QEMU hosts
  • Multiple connection attempts to iSCSI port 3260

SIEM Query:

(source="qemu.log" AND ("segmentation fault" OR "crash" OR "SIGSEGV")) OR (destination_port=3260 AND protocol="tcp" AND abnormal_volume)

🔗 References
