Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 6 Apr 2020 15:50:51 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: pangpei.lq@...fin.com, ziming zhang <ezrakiez@...il.com>
Subject: CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers

   Hello,

An out-of-bounds access issue was found in the Tulip NIC emulator built into 
QEMU. It could occur while copying network data to/from its tx/rx frame 
buffers, as it does not check frame size against the data length.

A remote user/process could use this flaw to crash the QEMU process resulting 
in Dos OR potentially execute arbitrary code with the privileges of the QEMU 
process on the host.

Upstream patch:
   -> https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850

This issue was reported by Ziming Zhang and Li Qiang (Ant Financial). 
CVE-2020-11102 requested via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.