CVE-2020-15859

Published: 16 Jul 2020
Source: redhat
CVSS3: 3.8
EPSS: Low

Description

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

A use-after-free flaw was found in the INTEL 82574 NIC (e1000e) emulator of the QEMU. The issue happens while sending packets if the guest user has set the packet data address to the e1000e's MMIO address. This flaw allows a guest user or process to crash the QEMU process on the host, resulting in a denial of service.

Statement

In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kvm | Not affected | | |
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Will not fix | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/qemu-kvm | Affected | | |
| Red Hat Enterprise Linux 9 | qemu-kvm | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Will not fix | | |
| Red Hat OpenStack Platform 13 (Queens) | qemu-kvm-rhev | Will not fix | | |
| Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2021:4191 | 09.11.2021 |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1859168 QEMU: net: e1000e: use-after-free while sending packets

EPSS: 0.00026 (Low), percentile: 5%

CVSS3: 3.8 Low

Related vulnerabilities

CVSS3: 3.3
ubuntu
almost 5 years ago

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

CVSS3: 3.3
nvd
almost 5 years ago

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

CVSS3: 3.3
msrc
almost 5 years ago

No description available

CVSS3: 3.3
debian
almost 5 years ago

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...

CVSS3: 3.3
github
about 3 years ago

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
