Main Vulnerability Database SB2020111624

SB2020111624 - Advanced Virtualization for RHEL 8 update for the virt:8.2 and virt-devel:8.2 modules

Published: November 16, 2020 Updated: April 24, 2025

Security Bulletin ID SB2020111624

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Reachable Assertion (CVE-ID: CVE-2020-16092)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing certain network packets on "e1000e" and "vmxnet3" devices in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c. A remote attacker on a guest operating system can send a specially crafted packet that will result in hypervisor crash.

2) Double Free (CVE-ID: CVE-2020-25637)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the libvirt API, responsible for requesting information about network interfaces of a running QEMU domain. A local client connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2020:5111