Vigil@nce - QEMU: buffer overflow via the Ethernet VLAN header
March 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow sending Ethernet frames
with a VLAN header to a guest system in QEMU, in order to trigger
a denial of service against the host system, and possibly to run
code.
Impacted products: QEMU.
Severity: 1/4.
Creation date: 20/02/2017.
DESCRIPTION OF THE VULNERABILITY
An attacker can therefore generate a buffer overflow sending
Ethernet frames with a VLAN header to a guest system in QEMU, in
order to trigger a denial of service against the host system, and
possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/QEMU-buffer-overflow-via-the-Ethernet-VLAN-header-21903