An assertion failure issue was found in QEMU in the network packet processing component. This issue affects the "e1000e" and "vmxnet3" network devices. This flaw allows a malicious guest user or process to abort the QEMU process on the host, resulting in a denial of service condition. Upstream patch: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 Links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16092 https://nvd.nist.gov/vuln/detail/CVE-2020-16092 https://security-tracker.debian.org/tracker/CVE-2020-16092 https://bugzilla.redhat.com/show_bug.cgi?id=1860283
(In reply to filip ambroz from comment #0) > An assertion failure issue was found in QEMU in the network packet > processing component. This issue affects the "e1000e" and "vmxnet3" > network devices. This flaw allows a malicious guest user or process to > abort the QEMU process on the host, resulting in a denial of service > condition. > > Upstream patch: > https://git.qemu.org/?p=qemu.git;a=commit; > h=035e69b063835a5fd23cacabd63690a3d84532a8 This should be in 5.1: qemu $ git tag --contains 035e69b063835 v5.1.0-rc3
We'll pull it in with 5.1.0 release.
