CVE-2020-10761

Priority
Description
An assertion failure issue was found in the Network Block Device(NBD)
Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an
nbd-client sends a spec-compliant request that is near the boundary of
maximum permitted request length. A remote nbd-client could use this flaw
to crash the qemu-nbd server resulting in a denial of service.
Assigned-to
mdeslaur
Notes
mdeslaurintroduced in qemu 4.2
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa):released (1:4.2-3ubuntu6.4)
Ubuntu 20.10 (Groovy Gorilla):not-affected (1:5.0-5ubuntu4)
Patches:
Upstream:https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-09-10 06:35:28 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)