An out-of-bounds access issue was found in the Tulip NIC emulator built into QEMU. It could occur while copying network data to/from its tx/rx frame buffers, as it does not check frame size against the data length. A remote user/process could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code with the privileges of the QEMU process on the host.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2020/04/06/1
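
The kind of check the description says is missing, as an added example (not QEMU's Tulip code and not the upstream patch). The struct, the function names and the 2048-byte buffer size are assumptions; each guest-supplied length is compared against the space remaining before any byte is copied.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FRAME_BUF_SIZE 2048u   /* assumed size, not taken from QEMU */

/* Hypothetical device state: a fixed frame buffer plus a fill level. */
struct nic_state {
    uint8_t frame[FRAME_BUF_SIZE];
    size_t  frame_len;          /* bytes already queued in frame[] */
};

/*
 * Append one guest-described segment to the frame being assembled.
 * seg_len comes from a guest-controlled descriptor, so it is checked
 * against the space left before any byte is copied.
 * Returns 0 on success, -1 if the segment is rejected.
 */
int nic_append_segment(struct nic_state *s, const uint8_t *seg, size_t seg_len)
{
    if (s->frame_len > sizeof(s->frame)) {
        return -1;              /* state already inconsistent: refuse */
    }
    /* Compare against remaining space; avoids frame_len + seg_len wrap. */
    if (seg_len > sizeof(s->frame) - s->frame_len) {
        return -1;
    }
    memcpy(s->frame + s->frame_len, seg, seg_len);
    s->frame_len += seg_len;
    return 0;
}

/*
 * Copy a queued frame out to a guest-described receive buffer of
 * dst_len bytes, starting at offset *pos. Copies at most what is left
 * in the frame and at most dst_len; returns the number of bytes copied.
 */
size_t nic_copy_out(const struct nic_state *s, size_t *pos,
                    uint8_t *dst, size_t dst_len)
{
    if (s->frame_len > sizeof(s->frame) || *pos > s->frame_len) {
        return 0;
    }
    size_t left = s->frame_len - *pos;
    size_t n = left < dst_len ? left : dst_len;
    memcpy(dst, s->frame + *pos, n);
    *pos += n;
    return n;
}
```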
Acknowledgments: Name: Ziming Zhang, Li Qiang (Tianchen Security Lab of Ant Financial)
Statement: This issue does not affect the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 6, 7 and 8.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-11102
Created qemu tracking bugs for this issue: Affects: fedora-rawhide [bug 1821564]