Bugzilla – Bug 1172710
VUL-0: CVE-2020-10761: qemu: qemu-nbd: reachable assertion failure in nbd_negotiate_send_rep_verr via remote client
Last modified: 2021-05-31 16:15:14 UTC
CVE-2020-10761

Quick Emulator (Qemu) built with the Network Block Device (NBD) Server support is vulnerable to a crash via assertion failure. An nbd-client can cause denial of service by aborting QEMU as NBD server with a spec-compliant request that is near the boundary of maximum length permitted. A remote user/process could use this flaw to crash the qemu-nbd server resulting in DoS.

Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html

Issue introduced since QEMU v4.2:
https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1843707
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10761
http://seclists.org/oss-sec/2020/q2/174
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html
https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
SUSE:SLE-15-SP2:Update is the only affected code stream.
Created attachment 838631: qemu-CVE-2020-10761-Avoid-long-error-message-assertions.patch

Created attachment 838632: qemu-CVE-2020-10761-truncation-of-long-NBD-exports.patch

Upstream commits are: 5c4fe018c025740fef4a0a4421e8162db0c3eefd and 5c86bdf1208916ece0b87e1151c9b48ee54faa3e

Backported patches are queued for SLE15-SP2 maintenance update.
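
Added example (not QEMU's code and not the attached patches): a minimal C sketch of the general hardening pattern the two patch titles point to, where a client-supplied name echoed in an error reply is shortened and the reply length is clamped instead of asserted. The limits, the message text and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed values for illustration; not taken from the page. */
#define MAX_STRING_SIZE  4096  /* longest string allowed in a request or reply */
#define NAME_DISPLAY_MAX 80    /* hypothetical cap on a name echoed in an error */

/* Length the error text would have if the client's name were echoed in full. */
size_t unbounded_reply_len(const char *name)
{
    return (size_t)snprintf(NULL, 0, "export '%s' not present", name);
}

/* Copy at most NAME_DISPLAY_MAX bytes of an untrusted name, marking truncation. */
void sanitize_name(const char *name, char *out, size_t outsz)
{
    if (strlen(name) <= NAME_DISPLAY_MAX)
        snprintf(out, outsz, "%s", name);
    else
        snprintf(out, outsz, "%.*s...", NAME_DISPLAY_MAX, name);
}

/*
 * Build the error reply into buf. The length is clamped rather than asserted,
 * so oversized text is cut short and never aborts the server.
 * Returns the number of bytes to send.
 */
size_t build_error_reply(char *buf, size_t bufsz, const char *name)
{
    char shown[NAME_DISPLAY_MAX + 4];            /* name + "..." + NUL */
    int n;

    if (bufsz == 0)
        return 0;
    sanitize_name(name, shown, sizeof(shown));
    n = snprintf(buf, bufsz, "export '%s' not present", shown);
    if (n < 0) { buf[0] = '\0'; return 0; }
    if ((size_t)n >= bufsz) n = (int)(bufsz - 1);  /* snprintf already cut it */
    if (n > MAX_STRING_SIZE) { n = MAX_STRING_SIZE; buf[n] = '\0'; }
    return (size_t)n;
}

int main(void)
{
    static char name[MAX_STRING_SIZE + 1], reply[MAX_STRING_SIZE + 1];
    memset(name, 'A', MAX_STRING_SIZE);          /* constructed maximum-length name */
    printf("unbounded: %zu bytes, bounded: %zu bytes\n",
           unbounded_reply_len(name), build_error_reply(reply, sizeof(reply), name));
    return 0;
}
```

With a name at the assumed maximum length, the unbounded text is longer than the limit, which is the condition a length assertion in the reply path would trip on; the bounded reply stays well under it.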
SUSE-SU-2020:2015-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1172383,1172384,1172386,1172495,1172710
CVE References: CVE-2020-10761,CVE-2020-13361,CVE-2020-13362,CVE-2020-13659,CVE-2020-13800
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): qemu-4.2.1-11.4.4
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): qemu-4.2.1-11.4.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2020:1108-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1172383,1172384,1172386,1172495,1172710
CVE References: CVE-2020-10761,CVE-2020-13361,CVE-2020-13362,CVE-2020-13659,CVE-2020-13800
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): qemu-4.2.1-lp152.9.3.1, qemu-linux-user-4.2.1-lp152.9.3.1, qemu-testsuite-4.2.1-lp152.9.3.1