QEMU 'tcp_subr.c' Local Heap Buffer Overflow Vulnerability



QEMU is prone to a local heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

Information

Bugtraq ID: 106758
Class: Boundary Condition Error
CVE: CVE-2019-6778

Remote: No
Local: Yes
Published: Jan 24 2019 12:00AM
Updated: Jun 17 2019 05:00AM
Credit: Kira (Tencent Keen Security Lab)
Vulnerable: Redhat OpenStack Platform 9.0
Redhat OpenStack Platform 8.0 (Liberty)
Redhat OpenStack Platform 14
Redhat OpenStack Platform 13
Redhat OpenStack Platform 10
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
QEMU QEMU 0


Not Vulnerable:

Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

