Vulnerabilities > CVE-2020-27617 - Reachable Assertion vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

qemu

debian

CWE-617

NVD

Published: 2020-11-06

Updated: 2022-09-23

Summary

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 4.2.1	1
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

http://www.openwall.com/lists/oss-security/2020/11/02/1
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html
https://security.netapp.com/advisory/ntap-20201202-0002/
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html