QEMU e1000
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*
A stack-based buffer overflow vulnerability has been identified in the QEMU e1000 network device. This issue arises because the code responsible for padding short frames was removed from individual network devices and integrated into the net core code. However, the e1000 device's receive code can still process short frames in loopback mode, leading to a buffer overrun in the e1000_receive_iov() function. A malicious guest user could exploit this vulnerability to crash the QEMU process on the host, causing a denial-of-service condition.
Exploitation of this vulnerability leads to a crash of the QEMU process on the host, causing a denial-of-service condition. However, according to Red Hat, this vulnerability could also be exploited to execute arbitrary code, potentially allowing a guest user to gain unauthorized access to the host system.
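The failure mode described above, as a simplified C model added here for illustration (not QEMU's code; `nic_receive`, `core_deliver`, `loopback_tx` and the size constants are hypothetical). The device receive routine enforces the minimum frame length itself, so a path that bypasses the core's padding, such as loopback, cannot hand it a short frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_FRAME 60    /* minimum Ethernet frame size without FCS */
#define MAX_FRAME 1514  /* constructed upper bound for this model */

struct nic { uint8_t rx[MAX_FRAME]; size_t rx_len; };

/* Device receive: checks and pads on its own instead of trusting that
 * every caller has already brought the frame up to MIN_FRAME. */
static long nic_receive(struct nic *n, const uint8_t *buf, size_t len)
{
    uint8_t min_buf[MIN_FRAME];

    if (len == 0 || len > MAX_FRAME)
        return -1;                       /* reject, never copy */
    if (len < MIN_FRAME) {               /* short frame: pad locally */
        memcpy(min_buf, buf, len);
        memset(min_buf + len, 0, MIN_FRAME - len);
        buf = min_buf;
        len = MIN_FRAME;
    }
    memcpy(n->rx, buf, len);             /* len is now within [60, 1514] */
    n->rx_len = len;
    return (long)len;
}

/* Net-core path: pads short frames before they reach the device. */
static long core_deliver(struct nic *n, const uint8_t *buf, size_t len)
{
    uint8_t padded[MIN_FRAME] = {0};

    if (len < MIN_FRAME) {
        memcpy(padded, buf, len);
        return nic_receive(n, padded, MIN_FRAME);
    }
    return nic_receive(n, buf, len);
}

/* Loopback path: transmit feeds receive directly, with no core padding.
 * Safe only because nic_receive() does not assume a padded frame. */
static long loopback_tx(struct nic *n, const uint8_t *buf, size_t len)
{
    return nic_receive(n, buf, len);
}
```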