An assertion failure issue was found in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. A malicious guest could use this flaw to crash QEMU and cause a denial of service condition. Upstream issue & patch: https://gitlab.com/qemu-project/qemu/-/issues/2273 https://patchew.org/QEMU/20240410070459.49112-1-philmd@linaro.org/
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 2274340]