A buffer overflow vulnerability was found in the XGMAC device of the QEMU emulator. XGMAC is an Ethernet controller used by the "highbank" and "midway" ARM emulated machines. The flaw lies in the xgmac_enet_send() function in hw/net/xgmac.c. Under certain circumstances, this may lead to a denial of service condition or potential code execution.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
Acknowledgments: Name: Ziming Zhang (Codesafe Team of Legendsec at Qi'anxin Group)
Statement:

The XGMAC device can only be found on highbank and midway QEMU ARM emulated machines. This flaw did not affect the following versions of QEMU as they did not include support for XGMAC:

* `qemu-kvm-ma` as shipped with Red Hat Enterprise Linux 7.
* `qemu-kvm-rhev` as shipped with Red Hat Virtualization and Red Hat OpenStack.
* `qemu-kvm` as shipped with Red Hat Enterprise Linux 6, 7 and 8.
* `virt:8.2/qemu-kvm` as shipped with RHEL Advanced Virtualization.
Created qemu tracking bugs for this issue:

Affects: epel-7 [bug 1859107]
Affects: fedora-all [bug 1859106]

Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1859108]