CVE-2020-16092
Publication date 11 August 2020
Last updated 24 July 2024
Ubuntu priority
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| qemu | 20.04 LTS focal |
Fixed 1:4.2-3ubuntu6.4
|
| 18.04 LTS bionic |
Fixed 1:2.11+dfsg-1ubuntu7.31
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| qemu-kvm | 20.04 LTS focal | Not in release |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Patch details
| Package | Patch details |
|---|---|
| qemu |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.8 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-4467-1
- QEMU vulnerabilities
- 19 August 2020