oss-sec mailing list archives
CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite
From: Hu Chaojian <chaojianhu () hotmail com>
Date: Fri, 23 Sep 2016 09:48:07 +0000
The .receive callback of xlnx.xps-ethernetlite doesn't check the length of data before calling memcpy. As a result, the NetClientState object in heap will be overflowed. Attackers may leverage it to execute arbitrary code with privileges of the qemu process on the host.

Upstream patches:
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html

This issue was discovered by chaojianhu <chaojianhu () hotmail com>

Thanks,
Chaojian Hu

-------------------------------------------------------------------------------------------
p.s. Alistair (the code maintainer) has requested a CVE id for this vulnerability.
Hello chaojianhu,
I created a CVE, but I can't access it. Do you know how to expose the CVE?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7161
Thanks,
Alistair
But there seems to be a small problem.
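
The bug class reported above (a network receive callback that passes a sender-controlled length to memcpy), shown next to a length-checked form. This is an added example, not part of the original post and not QEMU's code or the upstream patch; the struct, function names, buffer size and canary field are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical device model. Names and sizes are assumptions for
 * illustration, not QEMU's xlnx.xps-ethernetlite source. */
#define RX_BUF_SIZE 2048u

struct toy_nic {
    uint8_t  rx_buf[RX_BUF_SIZE]; /* fixed-size receive buffer */
    uint32_t canary;              /* stands in for adjacent heap state */
    uint32_t rx_dropped;          /* oversized frames rejected */
};

/* The reported pattern: the frame length is sender-controlled and goes
 * to memcpy unchecked. Shown for contrast only; never called here. */
ssize_t toy_receive_unchecked(struct toy_nic *s, const uint8_t *buf, size_t size)
{
    memcpy(s->rx_buf, buf, size);
    return (ssize_t)size;
}

/* Hardened form: validate the length against the destination first. */
ssize_t toy_receive_checked(struct toy_nic *s, const uint8_t *buf, size_t size)
{
    if (size > sizeof(s->rx_buf)) {
        s->rx_dropped++;
        return -1; /* drop the frame, touch nothing */
    }
    memcpy(s->rx_buf, buf, size);
    return (ssize_t)size;
}

int main(void)
{
    static uint8_t frame[RX_BUF_SIZE + 64]; /* constructed oversized frame */
    struct toy_nic nic = { .canary = 0xC0FFEEu };

    memset(frame, 0x41, sizeof(frame));
    ssize_t big = toy_receive_checked(&nic, frame, sizeof(frame));
    ssize_t ok  = toy_receive_checked(&nic, frame, RX_BUF_SIZE);
    printf("oversized=%zd max=%zd dropped=%u canary_ok=%d\n",
           big, ok, (unsigned)nic.rx_dropped, nic.canary == 0xC0FFEEu);
    return 0;
}
```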