oss-sec mailing list archives
CVE-2020-10761 QEMU: nbd: reachable assertion failure innbd_negotiate_send_rep_verr via remote client
From: P J P <ppandit () redhat com>
Date: Tue, 9 Jun 2020 10:58:08 +0530 (IST)
Hello,Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support is vulnerable to a crash via assertion failure. It could occur when a nbd-client sends a spec-compliant request that is near the boundary of the maximum permitted length. A remote user/process could use this flaw to crash the qemu-nbd server resulting in DoS.
Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html Issue introduced since QEMU v4.2 -> https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af server: - Adjust things to allow full 4k name limit rather than previous 256 byte limit - It allowed nbd-client to send longer (>256 bytes) export names This issue was reported by Eric Blake and Xueqiang Wei of Red Hat Inc. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Current thread:
- CVE-2020-10761 QEMU: nbd: reachable assertion failure innbd_negotiate_send_rep_verr via remote client P J P (Jun 08)