oss-sec mailing list archives
Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c
From: Michael Tokarev <mjt () tls msk ru>
Date: Mon, 10 Aug 2020 12:18:07 +0300
10.08.2020 11:25, Mauro Matteo Cascella wrote:
Hello, An assertion failure issue was found in QEMU in the network packet processing component. This issue affects the "e1000e" and "vmxnet3" network devices. This flaw allows a malicious guest user or process to abort the QEMU process on the host, resulting in a denial of service condition. Upstream patch: -> https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
Hmm. Is it really worth the effort to treat these things as security issues? There are so many ways to crash a machine (be it virtual or hardware), there are definitely countless ways to crash things from within privileged code.. what's the security impact of a hardware issue when, say, a driver code in the OS does a stupid thing and the hardware locks up? Thanks, /mjt
Current thread:
- CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Mauro Matteo Cascella (Aug 10)
- Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Michael Tokarev (Aug 10)
- Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Mauro Matteo Cascella (Aug 10)
- Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Michael Tokarev (Aug 10)