QEMU is prone to a local heap-based buffer-overflow vulnerability in its SLiRP user-mode networking stack because tcp_emu() fails to check the length of guest-supplied data against the space remaining in the socket receive buffer while emulating the ident protocol (RFC 1413).
An attacker in a guest that uses user-mode networking may exploit this issue to execute arbitrary code within the context of the QEMU process on the host, escaping the virtual machine. Failed exploit attempts will likely crash the QEMU process, resulting in a denial of service.
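The faulty pattern and its fix, as an added example that is not part of this advisory or of QEMU's own source: a simplified C model of slirp's receive buffer and of the ident emulation in tcp_emu(). With the length check disabled the function has the vulnerable shape (payload appended at the write pointer, nothing compares it with the room left); with the check enabled it carries the test the upstream slirp fix cited in the references puts in front of the memcpy. The struct layout, the sb_cc accounting, the 64-byte buffer size and all function names are assumptions made for the example, and every input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for slirp's socket receive buffer (struct sbuf). Assumed
 * here: sb_cc equals the bytes queued at sb_data, so sb_datalen - sb_cc is the room left. */
struct sbuf {
    char *sb_data;        /* heap allocation of sb_datalen bytes */
    unsigned sb_datalen;  /* capacity */
    unsigned sb_cc;       /* bytes currently queued */
    char *sb_wptr;        /* next write position */
};

static void sbuf_init(struct sbuf *sb, unsigned datalen)
{
    sb->sb_data = calloc(datalen, 1);
    sb->sb_datalen = datalen;
    sb->sb_cc = 0;
    sb->sb_wptr = sb->sb_data;
}

/* Once a line terminator arrives, parse "<port>[ ,]<port>" from the queue and
 * replace it with the canonical "<port>,<port>\r\n" reply. Until then the bytes
 * simply accumulate, which is what lets a guest keep pushing fragments in. */
static void ident_finish_line(struct sbuf *sb, const char *data, size_t len)
{
    char line[128];
    unsigned n1, n2;
    size_t n = sb->sb_cc < sizeof line - 1 ? sb->sb_cc : sizeof line - 1;
    if (!memchr(data, '\r', len) && !memchr(data, '\n', len))
        return;                               /* partial line, keep accumulating */
    memcpy(line, sb->sb_data, n);             /* bounded copy: sscanf needs a NUL */
    line[n] = '\0';
    if (sscanf(line, "%u%*[ ,]%u", &n1, &n2) == 2) {
        int w = snprintf(sb->sb_data, sb->sb_datalen, "%u,%u\r\n", n1, n2);
        sb->sb_cc = (unsigned)w < sb->sb_datalen ? (unsigned)w : sb->sb_datalen - 1;
        sb->sb_wptr = sb->sb_data + sb->sb_cc;
    }
}

/* EMU_IDENT copy. check_length == 0 is the vulnerable shape: nothing compares
 * len with the room left in sb_data, so terminator-free fragments walk sb_wptr
 * past the end of the heap block. check_length != 0 adds the test the upstream
 * fix placed in front of the memcpy. Returns 1 if the packet was consumed. */
static int ident_emu(struct sbuf *sb, const char *data, size_t len, int check_length)
{
    if (check_length && len > sb->sb_datalen - sb->sb_cc)
        return 0;                             /* dropped: would overflow sb_data */
    memcpy(sb->sb_wptr, data, len);           /* unchecked when check_length == 0 */
    sb->sb_wptr += len;
    sb->sb_cc += (unsigned)len;
    ident_finish_line(sb, data, len);
    return 1;
}

/* Bytes an unchecked copy of len writes past a datalen-byte buffer that
 * already holds `used` bytes; 0 when it fits. */
static size_t overrun_bytes(unsigned datalen, unsigned used, size_t len)
{
    return len > datalen - used ? len - (datalen - used) : 0;
}

/* Terminator-free fraglen-byte fragments the checked path accepts into a
 * datalen-byte buffer before refusing one. */
static size_t fragments_accepted(unsigned datalen, size_t fraglen)
{
    struct sbuf sb;
    char frag[256];
    size_t accepted = 0;
    memset(frag, '1', sizeof frag);           /* digits only, no \r or \n */
    sbuf_init(&sb, datalen);
    while (fraglen <= sizeof frag && ident_emu(&sb, frag, fraglen, 1))
        accepted++;
    free(sb.sb_data);
    return accepted;
}

/* One short request through the unchecked path (it fits in the 64-byte buffer,
 * so both shapes behave the same); 1 if the reply equals expected. */
static int ident_reply_matches(const char *request, const char *expected)
{
    struct sbuf sb;
    char out[64];
    if (strlen(request) >= sizeof out)
        return 0;                             /* never overfeed the unchecked copy */
    sbuf_init(&sb, sizeof out);
    ident_emu(&sb, request, strlen(request), 0);
    memcpy(out, sb.sb_data, sb.sb_cc);
    out[sb.sb_cc] = '\0';
    free(sb.sb_data);
    return strcmp(out, expected) == 0;
}

int main(void)
{
    printf("reply ok: %d\n", ident_reply_matches("1234, 5678\r\n", "1234,5678\r\n"));
    printf("20-byte fragments accepted into 64 bytes: %zu\n", fragments_accepted(64, 20));
    printf("4th fragment would overrun by %zu bytes\n", overrun_bytes(64, 60, 20));
    return 0;
}
```

Build with `cc -Wall -o ident_demo ident_demo.c` and run it. The checked path accepts three 20-byte fragments into the 64-byte buffer and refuses the fourth; without the check that fourth memcpy would write 16 bytes past the allocation, and a guest can keep the stream going indefinitely simply by never sending a line terminator.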
Information
Red Hat OpenStack Platform 8.0 (Liberty)
Red Hat OpenStack Platform 14
Red Hat OpenStack Platform 13
Red Hat OpenStack Platform 10
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
QEMU QEMU 0
Exploit
The researcher has published a proof-of-concept exploit that demonstrates the issue. Please see the references for more information.
References:
- Exploit for CVE-2019-6778 (Kira-cxy/qemu-vm-escape)
- QEMU Homepage (QEMU)
- [Qemu-devel] [PULL 65/65] slirp: check data length while emulating ident (GNU)
- Bug 1664205 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu() (Red Hat)
- CVE-2019-6778 (Red Hat)