oss-sec mailing list archives

Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c


From: Michael Tokarev <mjt () tls msk ru>
Date: Mon, 10 Aug 2020 12:18:07 +0300

10.08.2020 11:25, Mauro Matteo Cascella wrote:
> Hello,
>
> An assertion failure issue was found in QEMU in the network packet
> processing component. This issue affects the "e1000e" and "vmxnet3"
> network devices. This flaw allows a malicious guest user or process to
> abort the QEMU process on the host, resulting in a denial of service
> condition.
>
> Upstream patch:
>   -> https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8

Hmm. Is it really worth the effort to treat these things as security
issues? There are so many ways to crash a machine (be it virtual or
hardware), there are definitely countless ways to crash things from
within privileged code.. what's the security impact of a hardware
issue when, say, a driver code in the OS does a stupid thing and
the hardware locks up?

Thanks,

/mjt

