CVE-2020-10761
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
| Software | From | Fixed in |
|---|---|---|
| qemu / qemu | - | 5.0.1 |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| opensuse / leap | 15.2 | 15.2.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761
- https://security.gentoo.org/glsa/202011-09
- https://security.netapp.com/advisory/ntap-20200731-0001/
- https://usn.ubuntu.com/4467-1/
- https://www.openwall.com/lists/oss-security/2020/06/09/1
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime