PT-2007-1011 · Bochs · Bochs

Published: 2007-05-30 · Updated: 2020-05-19 · CVE-2007-2893

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Bochs version 2.3
Description: The issue allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system. This is due to a heap-based buffer overflow in the emulated NE2000 device. The overflow occurs in the bx_ne2k_c::rx_frame function when TXCNT register values exceed the device memory size. Additionally, there are multiple vulnerabilities in the sb16ctrl-bochs package that can lead to breaches of confidentiality, integrity, and availability of protected information, which can be exploited by a local attacker.
Recommendations: For Bochs version 2.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the bx_ne2k_c::rx_frame function until a patch is available. Restrict access to the emulated NE2000 device to minimize the risk of exploitation. Avoid using the TXCNT register in a way that could cause its values to exceed the device memory size until the issue is resolved.
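
The kind of bounds check the description calls for, as an added example (not Bochs source code and not part of this advisory): a simplified NIC model in which the guest-written byte count (TXCNT) and page registers are validated against the device memory size before the receive routine copies anything. The struct, the function names, the 32 KiB memory size and the loopback path from transmit to receive are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical simplified NIC model; names and sizes are assumptions,
 * not Bochs source code. */
#define NIC_MEM_SIZE 0x8000u     /* assumed emulated device memory size */
#define NIC_PAGE     256u        /* page registers address 256-byte pages */

struct nic {
    uint8_t  mem[NIC_MEM_SIZE];  /* heap-allocated in a real emulator */
    uint8_t  tx_page;            /* guest-written: start page of the frame */
    uint16_t tx_count;           /* guest-written: byte count (TXCNT) */
    uint8_t  rx_page;            /* guest-written: page to receive into */
};

/* True when [off, off+len) lies entirely inside device memory.
 * Written as a subtraction so that off+len can never wrap. */
static int in_device_mem(size_t off, size_t len)
{
    return off <= NIC_MEM_SIZE && len <= NIC_MEM_SIZE - off;
}

/* Receive path: copy a frame into device memory at rx_page.
 * Returns 0 on success, -1 if the copy would leave device memory. */
int nic_rx_frame(struct nic *n, const uint8_t *buf, size_t len)
{
    size_t dst = (size_t)n->rx_page * NIC_PAGE;
    if (!in_device_mem(dst, len))
        return -1;               /* drop the frame, never write past mem[] */
    memmove(&n->mem[dst], buf, len);  /* source may overlap destination */
    return 0;
}

/* Loopback transmit: the frame the guest queued is handed to the receive
 * path. Start page and byte count are both guest-controlled, so the source
 * range is validated before any pointer into mem[] is formed. */
int nic_loopback_tx(struct nic *n)
{
    size_t src = (size_t)n->tx_page * NIC_PAGE;
    if (!in_device_mem(src, n->tx_count))
        return -1;               /* TXCNT exceeds device memory */
    return nic_rx_frame(n, &n->mem[src], n->tx_count);
}
```

Both register-derived ranges are checked independently: a valid byte count combined with an out-of-range page register is rejected just like an oversized TXCNT.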

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-02051
CVE-2007-2893
DSA-1351-1

Affected Products

Bochs