Date: Mon, 10 Aug 2020 10:25:43 +0200 From: Mauro Matteo Cascella <mcascell@...hat.com> To: oss-security@...ts.openwall.com Cc: Alexander Bulekov <alxndr@...edu>, ziming zhang <ezrakiez@...il.com> Subject: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Hello, An assertion failure issue was found in QEMU in the network packet processing component. This issue affects the "e1000e" and "vmxnet3" network devices. This flaw allows a malicious guest user or process to abort the QEMU process on the host, resulting in a denial of service condition. Upstream patch: -> https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 This flaw was independently reported by Alexander Bulekov and Ziming Zhang (both CC'd). CVE-2020-16092 requested and assigned via MITRE form: https://cveform.mitre.org/ Regards, -- Mauro Matteo Cascella, Red Hat Product Security 6F78 E20B 5935 928C F0A8 1A9D 4E55 23B8 BB34 10B0
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.