CVE-2020-28916
First published: Thu Nov 12 2020(Updated: )
An infinite loop flaw was found in the e1000e device emulator in QEMU. This issue could occur while receiving packets via the e1000e_write_packet_to_guest() routine, if the receive(RX) descriptor has a NULL buffer address. This flaw allows a privileged guest user to cause a denial of service. The highest threat from this vulnerability is to system availability.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | =5.0.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| redhat/QEMU | <5.2.0 | 5.2.0 |
| debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u7 1:9.2.0+ds-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-28916 https://nvd.nist.gov/vuln/detail/CVE-2020-28916 https://www.openwall.com/lists/oss-security/2020/12/01/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1903064
- https://access.redhat.com/errata/RHSA-2021:1762
- https://access.redhat.com/security/cve/cve-2020-28916
- http://www.openwall.com/lists/oss-security/2020/12/01/2
- https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html
- https://launchpad.net/bugs/cve/CVE-2020-28916
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1903066
- https://www.openwall.com/lists/oss-security/2020/12/01/2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1893895
- https://bugzilla.redhat.com/show_bug.cgi?id=1893895
- https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html
- https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a
- https://security-tracker.debian.org/tracker/CVE-2020-28916
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28916
- https://nvd.nist.gov/vuln/detail/CVE-2020-28916
- https://ubuntu.com/security/CVE-2020-28916
Frequently Asked Questions
What is the vulnerability ID for this issue in QEMU?
The vulnerability ID for this issue in QEMU is CVE-2020-28916.
What is the severity of CVE-2020-28916?
The severity of CVE-2020-28916 is medium (CVSS score of 5.5).
How does the vulnerability in QEMU occur?
The vulnerability in QEMU occurs due to an infinite loop in the e1000e device emulator while receiving packets with a NULL buffer address in the RX descriptor.
What is the impact of CVE-2020-28916?
The impact of CVE-2020-28916 is a denial of service, allowing a privileged guest user to cause the system to enter an infinite loop.
How can I fix the CVE-2020-28916 vulnerability in QEMU?
To fix the CVE-2020-28916 vulnerability in QEMU, update to version 5.2.0 or later.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-28916
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/qemu
- canonical/qemu qemu
- version/qemu qemu/5.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- package-manager/redhat
- package-manager/debian