CVE-2020-27617
QEMU: net: an assert failure via eth_get_gso_type
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
La función eth_get_gso_type en el archivo net/eth.c en QEMU versión 4.2.1, permite a usuarios de OS invitados desencadenar un error de aserción. Un invitado puede bloquear el proceso de QEMU por medio de paquetes de datos que carecen de un protocolo de Capa 3 válido
An assert(3) failure flaw was found in the networking helper functions of QEMU. This vulnerability can occur in the eth_get_gso_type() routine if a packet does not have a valid networking L3 protocol (ex. IPv4, IPv6) value. This flaw allows a guest user to crash the QEMU process on the host, resulting in a denial of service.
An update that solves 15 vulnerabilities and has two fixes is now available. This update for qemu fixes the following issues. Fixed OOB access in sm501 device emulation. Fixed use-after-free in usb xhci packet handling. Fixed use-after-free in usb ehci packet handling. Fixed infinite loop in usb hcd-ohci emulation. Fixed OOB access in usb hcd-ohci emulation. Fixed guest triggerable assert in shared network handling code. Fixed infinite loop in e1000e device emulation. Fixed OOB access in atapi emulation. Fixed heap overflow in MSIx emulation. Fixed null pointer deref. In mmio ops. Fixed infinite loop in e1000 device emulation. Fixed OOB access in rtl8139 NIC emulation. Fixed OOB access in other NIC emulations. Fixed OOB access in ati-vga emulation. Fixed OOB access in SLIRP ARP/NCSI packet processing directories and log files SLE15-SP3, and openSUSE equivalents This update was imported from the SUSE:SLE-15-SP2:Update update project.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-22 CVE Reserved
- 2020-11-06 CVE Published
- 2024-08-04 CVE Updated
- 2025-08-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20201202-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/11/02/1 | 2022-09-23 | |
| https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html | 2022-09-23 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2020-27617 | 2021-08-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1891668 | 2021-08-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 4.2.1 Search vendor "Qemu" for product "Qemu" and version "4.2.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||