CVE-2020-28916 — Infinite Loop in Qemu

CWE-835 — Infinite Loop9 documents7 sources

Severity

5.5MEDIUMNVD

OSV3.8

EPSS

0.0%

top 85.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedDec 4

Latest updateMay 24

Description

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:5.2+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:5.2+dfsg-1+3

▶Ubuntuqemu/qemu< 1:2.5+dfsg-5ubuntu10.49+2

▶NVDqemu/qemu5.0.0

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-49q3-9xm4-cpj5: hw/net/e1000e_core↗2022-05-24

▶

OSV

qemu vulnerabilities↗2021-02-08

▶

OSV

CVE-2020-28916: hw/net/e1000e_core↗2020-12-04

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2021-02-08

▶

Red Hat

QEMU: e1000e: infinite loop scenario in case of null packet descriptor↗2020-11-12

▶

Red Hat

QEMU: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c↗2020-11-02

▶

Debian

CVE-2020-28916: qemu - hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor wit...↗2020

▶

💬Community

Bugzilla

CVE-2020-25707 QEMU: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c↗2020-11-02

▶