An assertion failure issue was found in the net_tx_pkt_add_raw_fragment() function in hw/net/net_tx_pkt.c. This assertion comes from the code that processes network packets. This code is shared between e1000e, vmxnet3 and apparently a few more devices. A malicious guest user/process could abuse this flaw to abort the QEMU process on the host, resulting in a denial of service condition.
Acknowledgments: Name: Ziming Zhang (Codesafe Team of Legendsec at Qi'anxin Group)
Created qemu tracking bugs for this issue: Affects: epel-7 [bug 1861058] Affects: fedora-all [bug 1861059] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1861060]
Upstream fix: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.2.1 Via RHSA-2020:5111 https://access.redhat.com/errata/RHSA-2020:5111
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16092
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0346 https://access.redhat.com/errata/RHSA-2021:0346
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0347 https://access.redhat.com/errata/RHSA-2021:0347
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2021:0459 https://access.redhat.com/errata/RHSA-2021:0459
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2021:0934 https://access.redhat.com/errata/RHSA-2021:0934
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1762 https://access.redhat.com/errata/RHSA-2021:1762