CVE-2020-15859

medium

Published 2021-11-09 · Modified 2021-11-09

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description QEMU: net: e1000e: use-after-free while sending packets Red Hat statement In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package. CVSS v3: 3.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L) Errata / fixed releases…

Description

QEMU: net: e1000e: use-after-free while sending packets

Red Hat statement

In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package.

CVSS v3: 3.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`virt-devel:rhel-8050020211001230723.b4937e53`	RHSA-2021:4191	2021-11-09T00:00:00Z
Red Hat Enterprise Linux 8	`virt:rhel-8050020211001230723.b4937e53`	RHSA-2021:4191	2021-11-09T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 5	`kvm`	Not affected
Red Hat Enterprise Linux 6	`qemu-kvm`	Not affected
Red Hat Enterprise Linux 7	`qemu-kvm`	Not affected
Red Hat Enterprise Linux 7	`qemu-kvm-ma`	Not affected
Red Hat Enterprise Linux 7	`qemu-kvm-rhev`	Will not fix
Red Hat Enterprise Linux 8 Advanced Virtualization	`virt:8.2/qemu-kvm`	Affected
Red Hat Enterprise Linux 9	`qemu-kvm`	Not affected
Red Hat OpenStack Platform 10 (Newton)	`qemu-kvm-rhev`	Will not fix
Red Hat OpenStack Platform 13 (Queens)	`qemu-kvm-rhev`	Will not fix

Apply commands

bash fix

Apply RHSA-2021:4191 for Red Hat Enterprise Linux 8

yum update -y virt-devel:rhel
# or:
dnf upgrade -y virt-devel:rhel

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 5	`Not affected`
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 8 Advanced Virtualization	`Affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`1:5.2+dfsg-1`
sid	Fixed	`1:5.2+dfsg-1`
forky	Fixed	`1:5.2+dfsg-1`
bullseye	Fixed	`1:5.2+dfsg-1`
bookworm	Fixed	`1:5.2+dfsg-1`

Red Hat Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

Rocky Linux Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.