qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)

ID ACD5D037-1C33-11E5-BE9C-6805CA1D3BB1
Type freebsd
Reporter FreeBSD
Modified 2015-07-11T00:00:00


The QEMU security team reports:

A guest which has access to an emulated PCNET network device (e.g. with "model=pcnet" in their VIF configuration) can exploit this vulnerability to take over the qemu process, elevating its privilege to that of the qemu process.