Vladimir Sementsov-Ogievskiy

Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 2.9 Description: A stack buffer overflow issue was found in QEMU when built with NBD client support. This issue could occur while processing a server's response to a 'NBD OPT LIST' request. A malicious NBD server could potentially use this issue to crash a remote NBD client, resulting in a denial of service, or execute arbitrary code on the client host with the privileges of the QEMU process. Recommendations: For QEMU versions prior to 2.9, update to version 2.9 or later to resolve the issue. As a temporary workaround, consider disabling the NBD client support until a patch is available. Restrict access to untrusted NBD servers to minimize the risk of exploitation.