#VU31805 Reachable Assertion in QEMU - CVE-2020-10761

Cybersecurity Help s.r.o.

Published: 2020-07-24

Vulnerability identifier: #VU31805

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-10761

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the Network Block Device(NBD) Server. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

QEMU: 0.1 - 5.0.0

External links
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761
https://www.openwall.com/lists/oss-security/2020/06/09/1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for QEMU

OpenSUSE Linux update for qemu

Multiple vulnerabilities in QEMU