CVE-2020-16092

low

Description

In QEMU through 5.0.0, an assertion failure can occur in network packet processing, in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. The issue affects the e1000e and vmxnet3 network devices. A malicious guest user or process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition.

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html

http://www.openwall.com/lists/oss-security/2020/08/10/1

https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html

https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html

https://security.netapp.com/advisory/ntap-20200821-0006/

https://usn.ubuntu.com/4467-1/

https://www.debian.org/security/2020/dsa-4760

Details

Source: MITRE

Published: 2020-08-11

Updated: 2020-10-13

Type: CWE-617

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 3.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 2

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 5.0.0 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
155325 | Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2021-1762) | Nessus | Oracle Linux Local Security Checks | medium
149772 | CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2021:1762) | Nessus | CentOS Local Security Checks | medium
149669 | RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2021:1762) | Nessus | Red Hat Local Security Checks | medium
148966 | SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1305-1) | Nessus | SuSE Local Security Checks | high
148761 | SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1241-1) | Nessus | SuSE Local Security Checks | high
148758 | SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1240-1) | Nessus | SuSE Local Security Checks | high
148757 | SUSE SLES15 Security Update : qemu (SUSE-SU-2021:1244-1) | Nessus | SuSE Local Security Checks | high
148752 | SUSE SLES15 Security Update : qemu (SUSE-SU-2021:1245-1) | Nessus | SuSE Local Security Checks | high
147918 | Amazon Linux AMI : qemu-kvm (ALAS-2021-1488) | Nessus | Amazon Linux Local Security Checks | medium
147909 | Amazon Linux 2 : qemu (ALAS-2021-1617) | Nessus | Amazon Linux Local Security Checks | medium
147882 | RHEL 7 : qemu-kvm-rhev (RHSA-2021:0934) | Nessus | Red Hat Local Security Checks | medium
147700 | EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1667) | Nessus | Huawei Local Security Checks | medium
147523 | EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2021-1632) | Nessus | Huawei Local Security Checks | medium
147490 | EulerOS Virtualization 3.0.6.6 : qemu (EulerOS-SA-2021-1455) | Nessus | Huawei Local Security Checks | medium
146316 | RHEL 7 : qemu-kvm-rhev (RHSA-2021:0459) | Nessus | Red Hat Local Security Checks | medium
146269 | Oracle Linux 7 : qemu (ELSA-2021-9034) | Nessus | Oracle Linux Local Security Checks | medium
146098 | CentOS 7 : qemu-kvm (CESA-2021:0347) | Nessus | CentOS Local Security Checks | medium
146080 | RHEL 7 : qemu-kvm-ma (RHSA-2021:0346) | Nessus | Red Hat Local Security Checks | medium
146077 | Oracle Linux 7 : qemu-kvm (ELSA-2021-0347) | Nessus | Oracle Linux Local Security Checks | medium
146075 | RHEL 7 : qemu-kvm (RHSA-2021:0347) | Nessus | Red Hat Local Security Checks | medium
144161 | EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-2531) | Nessus | Huawei Local Security Checks | medium
143815 | SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2020:2877-1) | Nessus | SuSE Local Security Checks | medium
143810 | SUSE SLES12 Security Update : qemu (SUSE-SU-2020:2743-1) | Nessus | SuSE Local Security Checks | medium
142982 | RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2020:5111) | Nessus | Red Hat Local Security Checks | medium
141409 | openSUSE Security Update : qemu (openSUSE-2020-1664) | Nessus | SuSE Local Security Checks | medium
140821 | EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-2054) | Nessus | Huawei Local Security Checks | low
140541 | Debian DLA-2373-1 : qemu security update | Nessus | Debian Local Security Checks | medium
140317 | EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1947) | Nessus | Huawei Local Security Checks | medium
140301 | Debian DSA-4760-1 : qemu - security update | Nessus | Debian Local Security Checks | medium
139725 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : QEMU vulnerabilities (USN-4467-1) | Nessus | Ubuntu Local Security Checks | medium