Описание
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
An out-of-bounds access flaw was found in the Tulip NIC emulator built into QEMU. This flaw occurs while copying network data to and from its tx/rx frame buffers, as it does not check frame size against the data length. This flaw allows a remote user or process to crash the QEMU process, resulting in a denial of service or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
Отчет
This issue does not affect the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 6, 7 and 8.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux 8 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | qemu-kvm | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | qemu-kvm-rhev | Not affected |
Показывать по
Дополнительная информация
Статус:
5.6 Medium
CVSS3
Связанные уязвимости
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
5.6 Medium
CVSS3