CVE-2020-16092

Public on 2021-03-18
Modified on 2021-03-19
Description
An assertion failure flaw was found in QEMU in the network packet processing component. This issue affects the "e1000e" and "vmxnet3" network devices. This flaw allows a malicious guest user or process to abort the QEMU process on the host, resulting in a denial of service.
Severity
Low
CVSS v3 Base Score
3.8
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 qemu 2021-03-18 01:13 ALAS2-2021-1617
Amazon Linux 1 qemu-kvm 2021-03-18 17:30 ALAS-2021-1488

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
NVD CVSSv2 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv3 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L