Launchpad.net

CVE 2020-11102

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.

Related bugs and status

CVE-2020-11102 (Candidate) is related to these bugs:

Bug #1749393: sbrk() not working under qemu-user with a PIE-compiled binary?

		In	Importance	Status
1749393	sbrk() not working under qemu-user with a PIE-compiled binary?	QEMU	Undecided	Fix Released
1749393	sbrk() not working under qemu-user with a PIE-compiled binary?	qemu (Ubuntu)	Undecided	Fix Released
1749393	sbrk() not working under qemu-user with a PIE-compiled binary?	qemu (Ubuntu Focal)	Medium	Fix Released

Bug #1871830: using QEMU_MODULE_DIR and CONFIG_MODULE_UPGRADES at the same time can crash qemu

Summary				In	Importance	Status
	1871830	using QEMU_MODULE_DIR and CONFIG_MODULE_UPGRADES at the same time can crash qemu		qemu (Ubuntu)	Critical	Fix Released

Bug #1872107: QEMU KVM live migration crashes when the VM is in booting state

Summary				In	Importance	Status
	1872107	QEMU KVM live migration crashes when the VM is in booting state		qemu (Ubuntu)	Undecided	Fix Released
	1872107	QEMU KVM live migration crashes when the VM is in booting state		qemu-kvm	Unknown	Unknown

Bug #1872937: Fetch recent CVE and packaging fixes

Summary				In	Importance	Status
	1872937	Fetch recent CVE and packaging fixes		qemu (Ubuntu)	Critical	Fix Released

Bug #1878534: iPhone USB passthrough crashes Windows 10 guest

Summary				In	Importance	Status
	1878534	iPhone USB passthrough crashes Windows 10 guest		qemu (Ubuntu)	Undecided	Incomplete
	1878534	iPhone USB passthrough crashes Windows 10 guest		qemu (Debian)	Unknown	Fix Released

Bug #1887763: new default qemu TCG sizes exceed common CI setups

Summary				In	Importance	Status
	1887763	new default qemu TCG sizes exceed common CI setups		qemu (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-11102

Related bugs and status

Related bugs

References