Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is
vulnerable to an OOB access issue. In that it does not check if packet headers
does not check for IP header length. It could lead to a OOB access when
reading further packet data.
A privileged user inside guest could use this issue to crash the Qemu process
instance or potentially execute arbitrary code on the host, with privileges of
the Qemu process.
Name: Li Qiang (Qihoo 360 Inc.)
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1369015]
This issue has been addressed in the following products:
RHEV 4.X RHEV-H and Agents for RHEL-7
Via RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392