Vigil@nce - QEMU: memory corruption via ne2000_mem_writel
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who is privileged in a guest system can trigger memory
corruption in QEMU's ne2000_mem_writel(), in order to cause a denial
of service and possibly to run code on the host system.
– Impacted products: QEMU.
– Severity: 1/4.
– Creation date: 04/01/2016.
DESCRIPTION OF THE VULNERABILITY
The QEMU product implements support for NE2000 network devices.
However, the ne2000_mem_writel() function does not correctly check
the addresses used for the copy.
An attacker who is privileged in a guest system can therefore trigger
memory corruption in QEMU's ne2000_mem_writel(), in order to cause a
denial of service and possibly to run code on the host system.
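As an added illustration (not QEMU's code and not code from this bulletin), the constructed toy device model below shows what a complete range check for a 4-byte guest write looks like, next to a check that validates only the starting address. The window sizes, names and the weak-check pattern are assumptions; the bulletin does not state which check ne2000_mem_writel() lacked.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed toy device model, not QEMU's code: the window layout and
 * sizes below are assumptions chosen for illustration. */
#define DEV_MEM_SIZE   0x4000u  /* assumed size of the emulated device RAM */
#define DEV_PMEM_START 0x1000u  /* assumed start of the guest-writable window */
#define DEV_PROM_SIZE  32u      /* assumed size of the low window */

typedef struct {
    uint8_t  mem[DEV_MEM_SIZE];
    unsigned rejected;          /* guest writes dropped by the range check */
} DevState;

/* Validates only the first byte of the 4-byte access: a write starting at
 * DEV_MEM_SIZE - 2 passes and then runs past the end of mem[]. Shown as a
 * typical incomplete-check pattern (an assumption, not QEMU's exact code). */
static bool weak_range_ok(uint32_t addr)
{
    return addr < DEV_PROM_SIZE ||
           (addr >= DEV_PMEM_START && addr < DEV_MEM_SIZE);
}

/* Hardened check: the whole access must fit inside one allowed window,
 * and addr + width must not wrap around in 32-bit arithmetic. */
static bool writel_range_ok(uint32_t addr)
{
    if (addr > UINT32_MAX - sizeof(uint32_t))
        return false;
    uint32_t end = addr + sizeof(uint32_t);
    return end <= DEV_PROM_SIZE ||
           (addr >= DEV_PMEM_START && end <= DEV_MEM_SIZE);
}

/* Guest-driven 32-bit little-endian store; returns false if dropped. */
static bool dev_mem_writel(DevState *s, uint32_t addr, uint32_t val)
{
    if (!writel_range_ok(addr)) {
        s->rejected++;
        return false;
    }
    for (int i = 0; i < 4; i++)
        s->mem[addr + i] = (uint8_t)(val >> (8 * i));
    return true;
}
```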
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/QEMU-memory-corruption-via-ne2000-mem-writel-18629