vulnerability
Arch Linux: Denial of service (CVE-2020-28916)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:N/A:P) | Dec 4, 2020 | Jul 11, 2025 | Nov 27, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
Dec 4, 2020
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
An infinite loop issue was found in the e1000e device emulator in QEMU before version 5.2.0. The issue could occur while receiving packets via e1000e_write_packet_to_guest() routine, if the receive(RX) descriptor has NULL buffer address. A privileged guest user may use this flaw to induce a DoS scenario on the host.
Solution
arch-linux-upgrade-latest
References
- CVE-2020-28916
- https://attackerkb.com/topics/CVE-2020-28916
- URL-http://www.openwall.com/lists/oss-security/2020/12/01/2
- URL-https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
- URL-https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- URL-https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html
- URL-https://security.archlinux.org/ASA-202012-26
- CWE-835
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.