Red Hat Bugzilla – Bug 1297426
qemu: stack-based buffer overflow in gem_transmit()
Last modified: 2016-04-26 12:08:51 EDT
A stack-based buffer overflow flaw was found in QEMU's gem_transmit() function.
The gem_transmit() function reads the length of a packet from physical memory and then copies that many bytes from physical memory into tx_packet. This may result in a buffer overflow if the length of the packet is more than 2048.
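An added model of the copy described above, not QEMU's own code: a descriptor with a guest-controlled length is copied into a fixed 2048-byte tx_packet, with the bound check that stops the overflow. The descriptor layout, the length mask, and the function and field names are assumptions made for the example.

```c
/* Added example (not QEMU's code): descriptor-driven copy into a fixed
 * tx_packet buffer, with a bound on the guest-supplied length. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TX_PACKET_MAX 2048u        /* size of the on-stack tx_packet buffer (from the report) */
#define GEM_DESC_LEN_MASK 0x3FFFu  /* assumption: length lives in the low bits of descriptor word 1 */

/* Constructed stand-in for guest physical memory: one two-word descriptor
 * followed by the data area its buffer address indexes into. */
struct guest_mem {
    uint32_t desc[2];      /* word0: buffer offset, word1: flags | length */
    uint8_t  data[4096];   /* backing store for the descriptor's payload */
};

static uint32_t tx_desc_get_length(const uint32_t *desc) { return desc[1] & GEM_DESC_LEN_MASK; }
static uint32_t tx_desc_get_buffer(const uint32_t *desc) { return desc[0]; }

/* Copy one descriptor's payload into tx_packet at offset *filled.
 * Returns 0 on success, -1 if the guest-supplied length does not fit.
 * The checks are the fix: both length and address come from untrusted guest memory. */
int gem_copy_descriptor(const struct guest_mem *mem, uint8_t *tx_packet, size_t *filled)
{
    uint32_t len  = tx_desc_get_length(mem->desc);
    uint32_t addr = tx_desc_get_buffer(mem->desc);

    if (*filled > TX_PACKET_MAX)                    return -1;  /* corrupted running offset */
    if (len > TX_PACKET_MAX - *filled)              return -1;  /* would overrun tx_packet */
    if (addr > sizeof(mem->data) ||
        len > sizeof(mem->data) - addr)             return -1;  /* source range outside guest memory */

    memcpy(tx_packet + *filled, mem->data + addr, len);
    *filled += len;
    return 0;
}

/* Driver: build a descriptor with the given length (payload at offset 0) and try
 * to append it to a frame that already holds already_filled bytes. */
int try_transmit(uint32_t len, size_t already_filled, size_t *out_filled)
{
    static struct guest_mem mem;            /* constructed guest memory, zero-initialised */
    uint8_t tx_packet[TX_PACKET_MAX];
    size_t filled = already_filled;
    mem.desc[0] = 0;
    mem.desc[1] = len & GEM_DESC_LEN_MASK;
    int rc = gem_copy_descriptor(&mem, tx_packet, &filled);
    if (out_filled) *out_filled = filled;
    return rc;
}
```

A frame may span several descriptors, which is why the check is against the space remaining in tx_packet rather than against 2048 alone.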
Red Hat would like to thank Ling Liu of Qihoo 360 Inc. for reporting this issue.
Created attachment 1113613
This turned out to be a security non-issue.