Date: Fri, 23 Sep 2016 09:48:07 +0000
From: Hu Chaojian <chaojianhu@...mail.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE request Qemu: hw: net: Fix a heap overflow in
 xlnx.xps-ethernetlite

The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of the data before calling memcpy. As a result, the NetClientState object in
the heap will be overflowed. Attackers may leverage it to execute arbitrary
code with the privileges of the qemu process on the host.


Upstream patches:

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html

This issue was discovered by chaojianhu <chaojianhu@...mail.com>

Thanks,

Chaojian Hu


-------------------------------------------------------------------------------------------

p.s.

Alistair (the code maintainer) has requested a CVE ID for this vulnerability.


>>Hello chaojianhu,

>>I created a CVE, but I can't access it. Do you know how to expose the CVE?

>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7161

>>Thanks,

>>Alistair


But there seems to be a small problem.
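
The missing length check described in the report above, shown as an added example that is not part of the original message and is not QEMU's code. It is a toy model of a network device receive callback; ToyNic, toy_nic_receive, toy_nic_deliver, the buffer size and the guard value are all hypothetical.

```c
/* Toy model of a NIC receive callback; hypothetical names and sizes, not QEMU code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RX_BUF_SIZE 2048        /* assumed size of the device RX buffer */
#define GUARD_VALUE 0xC0FFEE00u /* marks the state that follows the buffer */

typedef struct {
    uint8_t  rx_buf[RX_BUF_SIZE]; /* destination of the memcpy */
    uint32_t guard;               /* stands in for adjacent heap state */
} ToyNic;

/* Returns the number of bytes stored, or -1 if the frame is dropped. */
long toy_nic_receive(ToyNic *nic, const uint8_t *frame, size_t size)
{
    if (nic == NULL || frame == NULL)
        return -1;
    /* Length check before the copy. Without it, a frame longer than
     * rx_buf makes the memcpy below write into whatever follows it. */
    if (size == 0 || size > sizeof(nic->rx_buf))
        return -1;
    memcpy(nic->rx_buf, frame, size);
    return (long)size;
}

/* Delivers a constructed frame of `size` bytes to a fresh device, stores the
 * callback's return value in *result, returns 1 if the guard is unchanged. */
int toy_nic_deliver(size_t size, long *result)
{
    ToyNic *nic = calloc(1, sizeof(*nic));
    uint8_t *frame = malloc(size ? size : 1);
    int intact = 0;
    if (nic != NULL && frame != NULL) {
        nic->guard = GUARD_VALUE;
        memset(frame, 0x41, size ? size : 1);
        *result = toy_nic_receive(nic, frame, size);
        intact = (nic->guard == GUARD_VALUE);
    }
    free(frame); free(nic);
    return intact;
}

int main(void)
{
    long r = 0;
    int ok = toy_nic_deliver(RX_BUF_SIZE + 1, &r); /* one byte too long */
    printf("result=%ld guard_intact=%d\n", r, ok);
    return 0;
}
```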
