QEMU (short for Quick Emulator) is a free and open-source emulator that performs hardware virtualization. It emulates the machine’s processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems.
QEMU is affected by a vulnerability, tracked as CVE-2019-14378, that could be exploited by attackers to trigger a
The flaw was discovered by the researcher Vishnu Dev, who published technical details of the vulnerability after it was addressed.
“CVE-2019-14378, which is a pointer miscalculation in
The vulnerability is a heap-based buffer overflow that can lead to a virtual machine (VM) escape; it affects packet reassembly in SLiRP.
The vulnerability resides in the ip_reass() routine, which reassembles incoming packets; the flaw is triggered if the first fragment is bigger than the m->m_dat buffer.
“A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat buffer.” reads the security advisory published by Red Hat. “An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with
The good news is that the impact of the CVE-2019-14378 flaw is limited because production VMs typically do not use Slirp. Below are some points highlighted by QEMU developer Stefan Hajnoczi.
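Because the exposure is limited to VMs that use the Slirp (user-mode) backend, the practical first step for an operator is to find out which running QEMU instances actually use it. The following script is an added example, not code from the article or from the QEMU project: it classifies QEMU command lines by whether they configure a `user` network backend (`-netdev user`, `-net user` or `-nic user`), using constructed sample command lines in place of live `ps` output.

```shell
#!/bin/sh
# Added example: spot QEMU instances that use the SLiRP ("user") network
# backend, the code path affected by CVE-2019-14378.
# Assumption: the backend is selected explicitly on the command line via
# "-netdev user,...", "-net user" or "-nic user,..."; a build whose default
# networking is SLiRP would need a separate check.

# Regex for an explicit user-mode backend option (POSIX ERE).
SLIRP_RE='(^|[[:space:]])-(netdev|net|nic)[[:space:]]+user([,[:space:]]|$)'

# uses_slirp CMDLINE -> exit 0 if the command line selects the user backend.
uses_slirp() {
    printf '%s\n' "$1" | grep -Eq -e "$SLIRP_RE"
}

# list_slirp_vms CMDLINES -> print each command line (one per input line)
# that selects the user backend; prints nothing if none match.
list_slirp_vms() {
    printf '%s\n' "$1" | grep -E -e "$SLIRP_RE" || true
}

# count_slirp_vms CMDLINES -> print the number of matching command lines.
count_slirp_vms() {
    printf '%s\n' "$1" | grep -Ec -e "$SLIRP_RE" || true
}

# Constructed sample command lines standing in for live process arguments
# (e.g. from: ps -eo args= | grep '^qemu-system'). Two of the four use SLiRP.
SAMPLE_CMDLINES='qemu-system-x86_64 -m 1G -netdev user,id=n0,hostfwd=tcp::2222-:22 -device virtio-net-pci,netdev=n0
qemu-system-x86_64 -m 4G -netdev tap,id=n1,ifname=tap0 -device virtio-net-pci,netdev=n1
qemu-system-x86_64 -nographic -nic user,model=e1000
qemu-system-x86_64 -m 2G -netdev bridge,id=n2,br=br0'

# Report over the constructed sample; swap SAMPLE_CMDLINES for real ps
# output to run this against a host.
echo "QEMU instances using the SLiRP backend: $(count_slirp_vms "$SAMPLE_CMDLINES")"
list_slirp_vms "$SAMPLE_CMDLINES"
```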