CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers

[P J P <ppandit () redhat com>]

  Hello,

An out-of-bounds access issue was found in the Tulip NIC emulator built into 
QEMU. It could occur while copying network data to/from its tx/rx frame 
buffers, as it does not check frame size against the data length.

A remote user/process could use this flaw to crash the QEMU process resulting 
in Dos OR potentially execute arbitrary code with the privileges of the QEMU 
process on the host.

Upstream patch:
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850

This issue was reported by Ziming Zhang and Li Qiang (Ant Financial). 
CVE-2020-11102 requested via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D