CVE-2020-11102

Name of the Vulnerable Software and Affected Versions QEMU version 4.2.0

Description The issue is related to a buffer overflow in the hw/net/tulip.c component of the QEMU hardware emulator. This occurs during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Exploitation of this issue could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For QEMU version 4.2.0, as a temporary workaround, consider disabling the hw/net/tulip.c component until a patch is available. Restrict access to the vulnerable tx/rx buffers to minimize the risk of exploitation. Avoid using the hw/net/tulip.c component in the affected QEMU version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.