oss-sec mailing list archives
CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers
From: P J P <ppandit () redhat com>
Date: Mon, 6 Apr 2020 15:50:51 +0530 (IST)
Hello,An out-of-bounds access issue was found in the Tulip NIC emulator built into QEMU. It could occur while copying network data to/from its tx/rx frame buffers, as it does not check frame size against the data length.
A remote user/process could use this flaw to crash the QEMU process resulting in Dos OR potentially execute arbitrary code with the privileges of the QEMU process on the host.
Upstream patch: -> https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850This issue was reported by Ziming Zhang and Li Qiang (Ant Financial). CVE-2020-11102 requested via -> https://cveform.mitre.org/
Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Current thread:
- CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers P J P (Apr 06)