1178683 – (CVE-2020-25707) VUL-0: CVE-2020-25707: kvm,qemu: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c

Bug 1178683 (CVE-2020-25707) - VUL-0: CVE-2020-25707: kvm,qemu: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c

Summary: VUL-0: CVE-2020-25707: kvm,qemu: infinite loop in e1000e_write_packet_to_gues...

Status:	RESOLVED DUPLICATE of bug 1179468

Alias:	CVE-2020-25707

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/271341/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-25707:6.0:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-11-11 15:29 UTC by Robert Frohl
Modified:	2023-07-25 17:34 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2020-11-11 15:29:35 UTC

rh#1893895

An infinite loop issue was found in the e1000e NIC emulation code of QEMU. It could occur in the e1000e_write_packet_to_guest() routine while processing receive descriptor data if the address of the descriptor's data buffer was set to zero. A privileged guest user may exploit this issue to crash the QEMU process on the host, resulting in a denial of service.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1893895
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25707

Comment 1 Bruce Rogers 2021-03-21 01:54:10 UTC

This is a duplicate of bsc#1179468.
Security team, I'll kick this back to you for next step.

Comment 3 OBSbugzilla Bot 2021-05-17 16:30:08 UTC

This is an autogenerated message for OBS integration:
This bug (1178683) was mentioned in
https://build.opensuse.org/request/show/893798 Factory / qemu

Comment 4 OBSbugzilla Bot 2021-05-18 00:50:07 UTC

This is an autogenerated message for OBS integration:
This bug (1178683) was mentioned in
https://build.opensuse.org/request/show/893865 Factory / qemu

Comment 5 OBSbugzilla Bot 2021-05-25 12:40:08 UTC

This is an autogenerated message for OBS integration:
This bug (1178683) was mentioned in
https://build.opensuse.org/request/show/895371 Factory / qemu

Comment 10 Swamp Workflow Management 2021-06-02 19:23:08 UTC

SUSE-SU-2021:1837-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1179725,1182846,1182975,1186290
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2021-06-08 16:37:15 UTC

SUSE-SU-2021:1893-1: An update that solves 11 vulnerabilities, contains one feature and has two fixes is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1182846,1182975,1183979,1186290
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: SLE-17785
Sources used:
SUSE MicroOS 5.0 (src):    qemu-4.2.1-11.19.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    qemu-4.2.1-11.19.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    qemu-4.2.1-11.19.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2021-06-08 16:53:51 UTC

SUSE-SU-2021:1894-1: An update that solves 11 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1094725,1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1181933,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29130,CVE-2020-8608,CVE-2021-20221,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    qemu-2.9.1-6.50.1
SUSE OpenStack Cloud 8 (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    qemu-2.9.1-6.50.1
HPE Helion Openstack 8 (src):    qemu-2.9.1-6.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2021-06-08 17:15:30 UTC

SUSE-SU-2021:1895-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-9.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2021-06-09 16:28:07 UTC

SUSE-SU-2021:1918-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    qemu-3.1.1.1-9.27.2
SUSE Manager Retail Branch Server 4.0 (src):    qemu-3.1.1.1-9.27.2
SUSE Manager Proxy 4.0 (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    qemu-3.1.1.1-9.27.2
SUSE Enterprise Storage 6 (src):    qemu-3.1.1.1-9.27.2
SUSE CaaS Platform 4.0 (src):    qemu-3.1.1.1-9.27.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2021-06-10 13:38:20 UTC

SUSE-SU-2021:1942-1: An update that solves 14 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1149813,1163019,1175144,1175534,1176681,1178683,1178935,1179477,1179484,1179686,1181103,1182282,1182425,1182968,1182975,1183373,1186290
CVE References: CVE-2019-15890,CVE-2020-14364,CVE-2020-17380,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-27821,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20263,CVE-2021-3409,CVE-2021-3416,CVE-2021-3419
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    qemu-5.2.0-17.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    qemu-5.2.0-17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2021-06-10 13:47:37 UTC

SUSE-SU-2021:1947-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    qemu-2.11.2-5.32.1
SUSE OpenStack Cloud 9 (src):    qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    qemu-2.11.2-5.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2021-07-11 14:07:23 UTC

openSUSE-SU-2021:1942-1: An update that solves 14 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1149813,1163019,1175144,1175534,1176681,1178683,1178935,1179477,1179484,1179686,1181103,1182282,1182425,1182968,1182975,1183373,1186290
CVE References: CVE-2019-15890,CVE-2020-14364,CVE-2020-17380,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-27821,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20263,CVE-2021-3409,CVE-2021-3416,CVE-2021-3419
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-5.2.0-17.1

Comment 19 Swamp Workflow Management 2021-07-14 01:18:17 UTC

openSUSE-SU-2021:1043-1: An update that solves 14 vulnerabilities, contains one feature and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1182846,1182975,1183979,1184574,1185591,1185981,1185990,1186010,1186290,1187013
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419,CVE-2021-3544,CVE-2021-3545,CVE-2021-3546
JIRA References: SLE-17785
Sources used:
openSUSE Leap 15.2 (src):    qemu-4.2.1-lp152.9.16.2, qemu-linux-user-4.2.1-lp152.9.16.1, qemu-testsuite-4.2.1-lp152.9.16.7

Comment 20 Swamp Workflow Management 2021-08-03 16:21:43 UTC

SUSE-SU-2021:14772-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1173612,1174386,1178683,1180523,1181933,1186473,1187364,1187367
CVE References: CVE-2020-11947,CVE-2020-15469,CVE-2020-15863,CVE-2020-25707,CVE-2021-20221,CVE-2021-3416,CVE-2021-3592,CVE-2021-3594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kvm-1.4.2-60.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Swamp Workflow Management 2021-08-06 13:34:27 UTC

SUSE-SU-2021:14774-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1031692,1173612,1174386,1178683,1180523,1181933,1186473,1187364,1187367
CVE References: CVE-2020-11947,CVE-2020-15469,CVE-2020-15863,CVE-2020-25707,CVE-2021-20221,CVE-2021-3416,CVE-2021-3592,CVE-2021-3594
JIRA References: 
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kvm-1.4.2-53.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.