Show plain JSON{"acknowledgement": "Red Hat would like to thank Cheolwoo Myung and Gaoning Pan (Zhejiang University) for reporting this issue.", "affected_release": [{"advisory": "RHBA-2021:0639", "cpe": "cpe:/a:redhat:advanced_virtualization:8.3::el8", "package": "virt:8.3-8030120210211160750.71132145", "product_name": "Advanced Virtualization for RHEL 8.3.1", "release_date": "2021-02-22T00:00:00Z"}, {"advisory": "RHBA-2021:0639", "cpe": "cpe:/a:redhat:advanced_virtualization:8.3::el8", "package": "virt-devel:8.3-8030120210211160750.71132145", "product_name": "Advanced Virtualization for RHEL 8.3.1", "release_date": "2021-02-22T00:00:00Z"}, {"advisory": "RHSA-2021:1762", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt-devel:rhel-8040020210317013608.9f9e2e7e", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1762", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8040020210317013608.9f9e2e7e", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "QEMU: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c", "id": "1893895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893895"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-835", "details": ["An infinite loop flaw was found in the e1000e NIC emulation code of QEMU. This issue occurs in the e1000e_write_packet_to_guest() routine while processing bogus RX descriptor data transmitted by the guest. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service."], "name": "CVE-2020-25707", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:8.3/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2020-11-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25707\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25707"], "statement": "This flaw was found to be a duplicate of CVE-2020-28916. Please see https://access.redhat.com/security/cve/CVE-2020-28916 for information about affected products and security errata.", "threat_severity": "Low"} 
MITRE
Vulnrichment
NVD
Redhat