oss-sec mailing list archives
CVE-2020-28916 QEMU: e1000e: infinite loop scenario in case of null packet descriptor
From: P J P <ppandit () redhat com>
Date: Tue, 1 Dec 2020 14:55:22 +0530 (IST)
Hello,An infinite loop issue was found in the e1000e device emulator in QEMU. The issue could occur while receiving packets via e1000e_write_packet_to_guest() routine, if the receive(RX) descriptor has NULL buffer address. A privileged guest user may use this flaw to induce a DoS scenario on the host.
Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html This issue was reported by Cheol-woo Myung. CVE-2020-28916 assigned via -> https://cveform.mitre.org/ Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Current thread:
- CVE-2020-28916 QEMU: e1000e: infinite loop scenario in case of null packet descriptor P J P (Dec 01)