CVE-2020-25707 - Vulnerability Details - OpenCVE

Description

DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-2891

Published: 2020-12-14

Score: 2.5 Low

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

No data.

Package	CPE	Advisory	Released Date
Advanced Virtualization for RHEL 8.3.1
virt:8.3-8030120210211160750.71132145	cpe:/a:redhat:advanced_virtualization:8.3::el8	RHBA-2021:0639	2021-02-22T00:00:00Z
virt-devel:8.3-8030120210211160750.71132145	cpe:/a:redhat:advanced_virtualization:8.3::el8	RHBA-2021:0639	2021-02-22T00:00:00Z
Red Hat Enterprise Linux 8
virt-devel:rhel-8040020210317013608.9f9e2e7e	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:1762	2021-05-18T00:00:00Z
virt:rhel-8040020210317013608.9f9e2e7e	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:1762	2021-05-18T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2020-25707
https://www.cve.org/CVERecord?id=CVE-2020-25707

History

No history.

Subscriptions

Redhat Advanced Virtualization Enterprise Linux

MITRE

Status: REJECTED

Assigner: redhat

Published: 2020-12-14T20:09:22.000Z

Updated: 2020-12-14T20:09:22.000Z

Reserved: 2020-09-16T00:00:00.000Z

Link: CVE-2020-25707

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2020-12-14T21:15:20.270

Modified: 2023-11-07T03:20:23.500

Link: CVE-2020-25707

Redhat

Severity : Low

Publid Date: 2020-11-02T00:00:00Z

Links: CVE-2020-25707 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-835

{"acknowledgement": "Red Hat would like to thank Cheolwoo Myung and Gaoning Pan (Zhejiang University) for reporting this issue.", "affected_release": [{"advisory": "RHBA-2021:0639", "cpe": "cpe:/a:redhat:advanced_virtualization:8.3::el8", "package": "virt:8.3-8030120210211160750.71132145", "product_name": "Advanced Virtualization for RHEL 8.3.1", "release_date": "2021-02-22T00:00:00Z"}, {"advisory": "RHBA-2021:0639", "cpe": "cpe:/a:redhat:advanced_virtualization:8.3::el8", "package": "virt-devel:8.3-8030120210211160750.71132145", "product_name": "Advanced Virtualization for RHEL 8.3.1", "release_date": "2021-02-22T00:00:00Z"}, {"advisory": "RHSA-2021:1762", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt-devel:rhel-8040020210317013608.9f9e2e7e", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1762", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8040020210317013608.9f9e2e7e", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "QEMU: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c", "id": "1893895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893895"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-835", "details": ["An infinite loop flaw was found in the e1000e NIC emulation code of QEMU. This issue occurs in the e1000e_write_packet_to_guest() routine while processing bogus RX descriptor data transmitted by the guest. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service."], "name": "CVE-2020-25707", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:8.3/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2020-11-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25707\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25707"], "statement": "This flaw was found to be a duplicate of CVE-2020-28916. Please see https://access.redhat.com/security/cve/CVE-2020-28916 for information about affected products and security errata.", "threat_severity": "Low"}