PT-2020-5307 · Qemu+9 · Qemu+9

Ziming Zhang

Published

2020-08-11

Updated

2024-06-15

CVE-2020-16092

CVSS v3.1

6.4

Medium

Vector

AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU versions prior to 5.0.0

Description The issue is related to an assertion failure in the network packet processing, affecting the e1000e and vmxnet3 network devices. A malicious guest user or process could exploit this flaw to abort the QEMU process on the host, resulting in a denial of service condition. This occurs in the net tx pkt add raw fragment function in hw/net/net tx pkt.c.

Recommendations For QEMU versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the net tx pkt add raw fragment function in hw/net/net tx pkt.c to minimize the risk of exploitation.

Fix

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALSA-2021:1762

ALT-PU-2020-2595

ALT-PU-2021-1880

ALT-PU-2021-1964

BDU:2021-00073

CESA-2021_0347

CESA-2021_1762

CVE-2020-16092

DLA-2373-1

DSA-4760-1

OPENSUSE-SU-2020:1664-1

OPENSUSE-SU-2020_1664-1

OPENSUSE-SU-2024:11287-1

RHSA-2020:5111

RHSA-2021:0346

RHSA-2021:0347

RHSA-2021:0459

RHSA-2021:0934

RHSA-2021:1762

RHSA-2021_0346

RHSA-2021_0347

RHSA-2021_1762

RLSA-2021:1762

SUSE-SU-2020:2743-1

SUSE-SU-2020:2877-1

SUSE-SU-2021:1240-1

SUSE-SU-2021:1241-1

SUSE-SU-2021:1244-1

SUSE-SU-2021:1245-1

SUSE-SU-2021:1305-1

USN-4467-1

USN-4467-3

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Qemu

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2020-5307 · Qemu+9 · Qemu+9

CVE-2020-16092

Weakness Enumeration

Related Identifiers

Affected Products

References · 293