Date: Mon, 6 Apr 2020 15:50:51 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> cc: pangpei.lq@...fin.com, ziming zhang <ezrakiez@...il.com> Subject: CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers Hello, An out-of-bounds access issue was found in the Tulip NIC emulator built into QEMU. It could occur while copying network data to/from its tx/rx frame buffers, as it does not check frame size against the data length. A remote user/process could use this flaw to crash the QEMU process resulting in Dos OR potentially execute arbitrary code with the privileges of the QEMU process on the host. Upstream patch: -> https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 This issue was reported by Ziming Zhang and Li Qiang (Ant Financial). CVE-2020-11102 requested via -> https://cveform.mitre.org/ Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.