[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2020-15863 QEMU: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c
From:       Mauro Matteo Cascella <mcascell () redhat ! com>
Date:       2020-07-22 10:51:56
Message-ID: CAA8xKjXoHR_u8n2T+4Yj545m_VZ3CKqPLRwPXhCC3fCQsbXXLQ () mail ! gmail ! com
[Download RAW message or body]

Hello,

a stack-based buffer overflow vulnerability was found in the XGMAC NIC
device of the QEMU emulator. This flaw occurs during packet
transmission and affects the highbank and midway ARM emulated
machines. A malicious guest could use this flaw to crash the QEMU
process on the host, resulting in a denial of service or potential
code execution with the privileges of the QEMU process.

Upstream patch:
----------------------
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555

This issue was reported by Ziming Zhang (CC'd).
CVE-2020-15863 requested via MITRE form: https://cveform.mitre.org/

Regards,
-- 
Mauro Matteo Cascella, Red Hat Product Security
6F78 E20B 5935 928C F0A8  1A9D 4E55 23B8 BB34 10B0

[prev in list] [next in list] [prev in thread] [next in thread]