Quick Emulator (QEMU) built with the VMWARE VMXNET3 NIC device support is vulnerable to an OOB access issue. When processing packet headers, it does not check the IP header length. This could lead to an OOB access when reading further packet data. A privileged user inside the guest could use this issue to crash the QEMU process instance or potentially execute arbitrary code on the host, with the privileges of the QEMU process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/08/18/4
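The class of check described above, as an added example that is not QEMU's code and not the upstream patch: a device model validates the guest-controlled IPv4 length fields before reading anything past the fixed header. The helper name ipv4_parse, the struct ipv4_view and the sample packets are assumptions made for illustration, and the check on the total-length field goes one step beyond the header-length check the report names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV4_MIN_HDR 20u /* fixed part of an IPv4 header, in bytes */

struct ipv4_view { uint8_t proto; size_t l4_off; size_t l4_len; };

/* Hypothetical helper: validate the guest-controlled length fields before
 * any read past the fixed header. Returns 0 on success, -1 on rejection. */
static int ipv4_parse(const uint8_t *buf, size_t len, struct ipv4_view *out)
{
    if (!buf || !out || len < IPV4_MIN_HDR || (buf[0] >> 4) != 4)
        return -1;                        /* too short, or not IPv4 */
    size_t hdr_len = (size_t)(buf[0] & 0x0f) * 4;   /* IHL, 32-bit words */
    size_t tot_len = ((size_t)buf[2] << 8) | buf[3];
    if (hdr_len < IPV4_MIN_HDR)           /* IHL below 5 is malformed */
        return -1;
    if (hdr_len > len || tot_len < hdr_len || tot_len > len)
        return -1;                        /* header or payload overruns buf */
    out->proto  = buf[9];
    out->l4_off = hdr_len;                /* safe: hdr_len <= tot_len <= len */
    out->l4_len = tot_len - hdr_len;
    return 0;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t pkt_ok[24]    = { 0x45, 0, 0, 24, 0, 0, 0, 0, 64, 17, 0, 0,
                                       10, 0, 0, 1, 10, 0, 0, 2,
                                       0xde, 0xad, 0xbe, 0xef };
static const uint8_t pkt_ihl2[24]  = { 0x42, 0, 0, 24, 0, 0, 0, 0, 64, 17 };
static const uint8_t pkt_ihl15[24] = { 0x4f, 0, 0, 24, 0, 0, 0, 0, 64, 17 };

int main(void)
{
    struct ipv4_view v;
    printf("ok:    %d\n", ipv4_parse(pkt_ok, sizeof pkt_ok, &v));
    printf("ihl2:  %d\n", ipv4_parse(pkt_ihl2, sizeof pkt_ihl2, &v));
    printf("ihl15: %d\n", ipv4_parse(pkt_ihl15, sizeof pkt_ihl15, &v));
    return 0;
}
```
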
Acknowledgments: Name: Li Qiang (Qihoo 360 Inc.)
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1369015]

This issue has been addressed in the following products:

  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392