Quick Emulator (QEMU) built with Network Block Device (NBD) server support is vulnerable to a crash via assertion failure. An nbd-client can cause denial of service by aborting QEMU acting as an NBD server with a spec-compliant request that is near the boundary of the maximum length permitted. A remote user/process could use this flaw to crash the qemu-nbd server, resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html

Issue introduced since QEMU v4.2
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
  - It allowed nbd-client to send longer export names
Acknowledgments: Name: Eric Blake (redhat.com), Xueqiang Wei (redhat.com)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1845381]
External References: https://www.openwall.com/lists/oss-security/2020/06/09/1