Showing 1 - 2 of 2

CVE-2020-28916

Status Candidate

Overview

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.

Red Hat Security Advisory 2021-1762-01: Posted May 19, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-1762-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, double free, information leakage, and out of bounds access vulnerabilities.; tags | advisory, overflow, kernel, vulnerability; systems | linux, redhat; advisories | CVE-2020-11947, CVE-2020-16092, CVE-2020-25637, CVE-2020-25707, CVE-2020-25723, CVE-2020-27821, CVE-2020-28916, CVE-2020-29129, CVE-2020-29130, CVE-2020-29443; SHA-256 | 6398e6563eabaa35531faafc6108f399db955a873f719b083ebf7cc40a66c41f; Download | Favorite | View

Ubuntu Security Notice USN-4725-1: Posted Feb 8, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4725-1 - It was discovered that QEMU incorrectly handled memory in iSCSI emulation. An attacker inside the guest could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Alexander Bulekov discovered that QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2020-11947, CVE-2020-15859, CVE-2020-27821, CVE-2020-28916, CVE-2020-29443, CVE-2021-20181; SHA-256 | 0cb00f8c69ce1eb4a48a5ddf3c7250eef70edcf933345ec3243885c6ada0dc3f; Download | Favorite | View

Page 1 of 1 Back 1 Next