Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAA8xKjW4-RaRBBR6FC+CzNrAaafKMPGAC9Hkufg=6ODoAkCcCQ@mail.gmail.com>
Date: Mon, 10 Aug 2020 10:25:43 +0200
From: Mauro Matteo Cascella <mcascell@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Alexander Bulekov <alxndr@...edu>, ziming zhang <ezrakiez@...il.com>
Subject: CVE-2020-16092 QEMU: reachable assertion failure in
 net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c

Hello,

An assertion failure issue was found in QEMU in the network packet
processing component. This issue affects the "e1000e" and "vmxnet3"
network devices. This flaw allows a malicious guest user or process to
abort the QEMU process on the host, resulting in a denial of service
condition.

Upstream patch:
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8

This flaw was independently reported by Alexander Bulekov and Ziming
Zhang (both CC'd).
CVE-2020-16092 requested and assigned via MITRE form: https://cveform.mitre.org/

Regards,

-- 
Mauro Matteo Cascella, Red Hat Product Security
6F78 E20B 5935 928C F0A8  1A9D 4E55 23B8 BB34 10B0

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.