First published: Fri Jul 24 2020(Updated: )
An assertion failure flaw was found in QEMU in the network packet processing component. This issue affects the "e1000e" and "vmxnet3" network devices. This flaw allows a malicious guest user or process to abort the QEMU process on the host, resulting in a denial of service.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/qemu-kvm-ma | <10:2.12.0-48.el7_9.2 | 10:2.12.0-48.el7_9.2 |
redhat/qemu-kvm | <10:1.5.3-175.el7_9.3 | 10:1.5.3-175.el7_9.3 |
redhat/qemu-kvm-rhev | <10:2.12.0-48.el7_9.2 | 10:2.12.0-48.el7_9.2 |
QEMU qemu | <=5.0.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
openSUSE Leap | =15.2 | |
redhat/qemu-kvm | <5.1.0 | 5.1.0 |
debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.2.0+ds-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID is CVE-2020-16092.
The severity of CVE-2020-16092 is low.
QEMU versions up to 5.0.0 are affected, specifically the e1000e and vmxnet3 network devices.
A malicious guest user/process could exploit CVE-2020-16092 to abort the QEMU process on the host, causing a denial of service.
You can find more information about CVE-2020-16092 in the following references: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1861058), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1861059), [Reference 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1861060).