CVE-2020-15863 QEMU: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c

[Mauro Matteo Cascella <mcascell () redhat com>]

Hello,

a stack-based buffer overflow vulnerability was found in the XGMAC NIC
device of the QEMU emulator. This flaw occurs during packet
transmission and affects the highbank and midway ARM emulated
machines. A malicious guest could use this flaw to crash the QEMU
process on the host, resulting in a denial of service or potential
code execution with the privileges of the QEMU process.

Upstream patch:
----------------------
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555

This issue was reported by Ziming Zhang (CC'd).
CVE-2020-15863 requested via MITRE form: https://cveform.mitre.org/

Regards,
-- 
Mauro Matteo Cascella, Red Hat Product Security
6F78 E20B 5935 928C F0A8  1A9D 4E55 23B8 BB34 10B0