#VU44163 Reachable Assertion in QEMU - CVE-2020-16092


Vulnerability identifier: #VU44163

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-16092

CWE-ID: CWE-617

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing certain network packets on "e1000e" and "vmxnet3" devices in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c. A remote attacker on a guest operating system can send a specially crafted packet that will result in hypervisor crash.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

QEMU: 5.0.0

External links
https://seclists.org/oss-sec/2020/q3/106
https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Junos Space
Amazon Linux AMI update for qemu-kvm
Red Hat OpenStack Platform13 update for qemu-kvm-rhev
Red Hat Virtualization update for qemu-kvm-rhev
CentOS 7 update for qemu-kvm
Red Hat Enterprise Linux 7 update for qemu-kvm
Red Hat Enterprise Linux 7 update for qemu-kvm-ma
OpenSUSE Linux update for qemu
Debian update for qemu
Denial of service in QEMU