Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
QEMU 缓冲区错误漏洞
Vulnerability Description
QEMU(Quick Emulator)是法国法布里斯-贝拉(Fabrice Bellard)个人开发者的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU 存在安全漏洞,该漏洞源于其Tulip设备仿真中发现了DMA重入问题。当 Tulip 读取或写入 rx/tx 描述符或复制 rx/tx 帧时,它不会检查目标地址是否为其自己的MMIO地址。这可能导致设备多次触发MMIO处理程序,从而导致栈或堆的缓冲区溢出。攻击者可能使用此漏洞使主机上的QEMU 进程崩溃,从而导致拒绝服务情况。
CVSS Information
N/A
Vulnerability Type
N/A