[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2020-15863 QEMU: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c
From: Mauro Matteo Cascella <mcascell () redhat ! com>
Date: 2020-07-22 10:51:56
Message-ID: CAA8xKjXoHR_u8n2T+4Yj545m_VZ3CKqPLRwPXhCC3fCQsbXXLQ () mail ! gmail ! com
[Download RAW message or body]
Hello,
a stack-based buffer overflow vulnerability was found in the XGMAC NIC
device of the QEMU emulator. This flaw occurs during packet
transmission and affects the highbank and midway ARM emulated
machines. A malicious guest could use this flaw to crash the QEMU
process on the host, resulting in a denial of service or potential
code execution with the privileges of the QEMU process.
Upstream patch:
----------------------
-> https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
This issue was reported by Ziming Zhang (CC'd).
CVE-2020-15863 requested via MITRE form: https://cveform.mitre.org/
Regards,
--
Mauro Matteo Cascella, Red Hat Product Security
6F78 E20B 5935 928C F0A8 1A9D 4E55 23B8 BB34 10B0
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic