Vulnerability Summary: CVE-2020-5164 (Bug 2830316)

Vulnerability Overview

Title: Bug 2830316 (CVE-2020-5164) - virtio-net: Denial of Service via unvalidated descriptor count in unmap request
Severity: Medium
Status: NEW
Description: This is a Denial of Service (DoS) vulnerability. The driver fails to validate the descriptor count in unmap requests. The issue arises because is set to 256, but the advertised maximum may exceed this value, or the actual maximum may be smaller than expected, leading to out-of-bounds memory access. An attacker can trigger this vulnerability by sending an unmap request with an unvalidated user buffer, resulting in a potential memory corruption or DoS condition.

Impact/Scope

Component: virtio-net (VirtIO network driver)
Environment: Virtualized environments (QEMU and virtio-net interaction)
Affected Versions: Not explicitly specified; marked as "Clone Of" and "Environment".

Fix/Resolution

Based on the provided description, the recommended fix includes:

1. Use as the size of to ensure the advertised maximum is actually supported.
2. Advertise the full range instead of limiting it to .
3. Ensure is actually incrementing the array size.
4. First, verify that the user buffer is large enough to safely access .

Code/Technical Details

No complete PoC code is provided in the page, but the following key variables and logic are referenced:

(value: 256)
Unmap request handling logic within .