CVE-2020-16092 — Reachable Assertion in Qemu
Severity
3.8LOWNVD
EPSS
0.0%
top 88.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 11
Latest updateMay 24
Description
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:LExploitability: 2.0 | Impact: 1.4
Affected Packages3 packages
Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 18.04, 20.04
Patches
🔴Vulnerability Details
3📋Vendor Advisories
4Microsoft▶
In QEMU through 5.0.0 an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to ↗2020-08-11
Red Hat▶
QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c↗2020-07-27
Debian▶
CVE-2020-16092: qemu - In QEMU through 5.0.0, an assertion failure can occur in the network packet proc...↗2020
💬Community
4Bugzilla▶
CVE-2020-16092 xen: QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c [fedora-all]↗2020-07-27
Bugzilla▶
CVE-2020-16092 qemu: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c [fedora-all]↗2020-07-27
Bugzilla▶
CVE-2020-16092 qemu: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c [epel-7]↗2020-07-27
Bugzilla▶
CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c↗2020-07-24