Red Hat Bugzilla – Bug 1297416
qemu: stack-based buffer overflow in gem_receive()
Last modified: 2016-04-26 17:09:43 EDT
A stack-based buffer overflow flaw was found in QEMU's gem_receive() function.
When GEM_NWCFG_STRIP_FCS was not set, gem_receive() would copy packet data to rxbuf, resulting in a buffer overflow if the length of a packet was more than 2048.
Red Hat would like to thank Ling Liu of Qihoo 360 Inc. for reporting this issue.
This turned out to be a security non-issue.
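The copy pattern described in the report, with the length bound enforced, as an added example. This is a hypothetical model and not QEMU's code: stage_frame(), demo(), the strip_fcs parameter (standing in for GEM_NWCFG_STRIP_FCS), the 4-byte trailing FCS and the choice to drop rather than truncate oversized frames are all assumptions; only the 2048 size of rxbuf comes from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RXBUF_SIZE 2048u  /* size of rxbuf given in the report */
#define FCS_LEN    4u     /* assumption: a 4-byte FCS follows the copied data */

/* Hypothetical model of the receive path. Returns the number of bytes
 * staged, or -1 if the frame cannot fit in rxbuf and is dropped.
 * rxbuf must point to RXBUF_SIZE bytes. */
static long stage_frame(const uint8_t *pkt, size_t len, int strip_fcs,
                        uint8_t *rxbuf, const uint8_t **out)
{
    if (strip_fcs) {
        *out = pkt;                 /* no copy: packet buffer used in place */
        return (long)len;
    }
    /* Bound the copy before it happens. Subtracting on the constant side
     * means the comparison cannot wrap for any value of len. */
    if (len > RXBUF_SIZE - FCS_LEN) {
        *out = NULL;
        return -1;
    }
    memcpy(rxbuf, pkt, len);
    memset(rxbuf + len, 0, FCS_LEN); /* placeholder FCS, not a real CRC-32 */
    *out = rxbuf;
    return (long)(len + FCS_LEN);
}

/* Constructed input: one frame of len bytes (len <= 4096). */
static long demo(size_t len, int strip_fcs)
{
    static uint8_t pkt[4096];       /* constructed sample frame */
    uint8_t rxbuf[RXBUF_SIZE];      /* fixed-size stack buffer, as in the report */
    const uint8_t *out;
    memset(pkt, 0xAB, sizeof pkt);
    return stage_frame(pkt, len, strip_fcs, rxbuf, &out);
}

int main(void)
{
    printf("%ld %ld %ld\n", demo(60, 0), demo(2044, 0), demo(3000, 0));
    return 0;
}
```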