CVE-2020-28916 log

Source
Severity Medium
Remote No
Type Denial of service
Description
An infinite loop issue was found in the e1000e device emulator in QEMU before version 5.2.0. The issue could occur while receiving packets via e1000e_write_packet_to_guest() routine, if the receive(RX) descriptor has NULL buffer address. A privileged guest user may use this flaw to induce a DoS scenario on the host.
Group Package Affected Fixed Severity Status Ticket
AVG-1300 qemu 5.1.0-3 5.2.0-1 Medium Fixed FS#68356
Date Advisory Group Package Severity Type
16 Dec 2020 ASA-202012-26 AVG-1300 qemu Medium multiple issues
References
https://www.openwall.com/lists/oss-security/2020/12/01/2
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=c2cb511634012344e3d0fe49a037a33b12d8a98a