QEMU (short for Quick Emulator) is a free and open-source emulator that performs hardware virtualization. It emulates the machine’s processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems.
QEMU is affected by a vulnerability, tracked as CVE-2019-14378, that could be exploited by attackers to trigger a
The flaw was discovered by the researcher Vishnu Dev, who published technical details of the vulnerability after it was addressed.
“CVE-2019-14378, which is a pointer miscalculation in
The vulnerability is a heap-based buffer overflow that can lead to a virtual machine (VM) escape, it affects the packet reassembly in SLiRP.
The vulnerability resides in the ip_reass() routine while reassembling incoming packets, in particular, the flaw is triggered if the first fragment is bigger than the m->m_dat buffer.
“A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat buffer.” reads the security advisory published by RedHat. “An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with
The good news is that the impact of the CVE-2019-14378 flaw is limited because production VMs typically do not use Slirp. Below some points highlighted by QEMU developer Stefan Hajnoczi.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.