CVE-2020-16092

Public on 2020-08-11

Modified on 2021-03-19

Description

An assertion failure flaw was found in QEMU in the network packet processing component. This issue affects the "e1000e" and "vmxnet3" network devices. This flaw allows a malicious guest user or process to abort the QEMU process on the host, resulting in a denial of service.

Severity

Low

See what this means

CVSS v3 Base Score

3.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	qemu	2021-03-18 01:13	ALAS2-2021-1617
Amazon Linux 1	qemu-kvm	2021-03-18 17:30	ALAS-2021-1488

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	3.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
NVD	CVSSv2	2.1	AV:L/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv3	3.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

References

Red Hat: CVE-2020-16092 Mitre: CVE-2020-16092 FAQs regarding Amazon Linux ALAS/CVE Severity