CVSS3: 8.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 32.2%

The QEMU security team has predisclosed the following advisory:
The AMD PC-Net II emulator (hw/net/pcnet.c), while receiving packets in loopback mode, appends CRC code to the receive buffer. If the data size given is the same as the buffer size (4096), the appended CRC code overwrites 4 bytes after the s->buffer, making the adjacent "s->irq" object point to a new location.
A guest which has access to an emulated PCNET network device (e.g. with "model=pcnet" in their VIF configuration) can exploit this vulnerability to take over the qemu process, elevating its privilege to that of the qemu process.
All Xen systems running x86 HVM guests without stubdomains which have been configured to use the PCNET emulated driver model are vulnerable.
The default configuration is NOT vulnerable (because it does not emulate PCNET NICs).
Systems running only PV guests are NOT vulnerable.
Systems using qemu-dm stubdomain device models (for example, by specifying "device_model_stubdomain_override=1" in xl's domain configuration files) are NOT vulnerable.
Both the traditional "qemu-xen" and upstream qemu device models are potentially vulnerable.
ARM systems are NOT vulnerable.
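
The exposure conditions listed above can be checked against each guest's xl domain configuration. The following is an added example, not part of the advisory or of Xen: it assumes the xl.cfg keys `type`/`builder` select HVM, uses a simplified regex reader rather than xl's own parser, and runs on sample configurations constructed here. Host architecture (ARM) is not visible in a guest config and is not checked.

```python
import re

# Sample xl domain configurations, constructed for this example.
SAMPLES = {
    "hvm-pcnet": """type = "hvm"
vif = [ 'mac=00:16:3e:00:00:01,model=pcnet,bridge=xenbr0' ]
""",
    "hvm-pcnet-stubdom": """builder = "hvm"
vif = [ 'model=pcnet,bridge=xenbr0' ]
device_model_stubdomain_override = 1   # device model runs in a stubdomain
""",
    "hvm-default-nic": """type = "hvm"
vif = [ 'bridge=xenbr0' ]
""",
    "pv-guest": """type = "pv"
vif = [ 'model=pcnet,bridge=xenbr0' ]
""",
}

def _strip_comments(text):
    # Simplification: treats every '#' as the start of a comment.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def _scalar(text, key):
    """Return the last `key = value` setting as a bare string, or None."""
    found = re.findall(rf'^\s*{re.escape(key)}\s*=\s*["\']?([^"\'\s]+)', text, re.M)
    return found[-1] if found else None

def assess(cfg_text):
    """Classify one guest config against the advisory's stated conditions."""
    text = _strip_comments(cfg_text)
    # Assumption: a config naming neither key is not an HVM guest.
    is_hvm = "hvm" in (_scalar(text, "type"), _scalar(text, "builder"))
    vif = re.search(r'^\s*vif\s*=\s*\[(.*?)\]', text, re.M | re.S)
    specs = re.findall(r'["\']([^"\']*)["\']', vif.group(1)) if vif else []
    pcnet = any(opt.replace(" ", "") == "model=pcnet"
                for spec in specs for opt in spec.split(","))
    stubdom = _scalar(text, "device_model_stubdomain_override") == "1"
    if not is_hvm:
        return "not vulnerable: not an HVM guest"
    if not pcnet:
        return "not vulnerable: no PCNET NIC emulated"
    if stubdom:
        return "not vulnerable: stubdomain device model"
    return "VULNERABLE: HVM guest with PCNET NIC and no stubdomain"

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(f"{name}: {assess(cfg)}")
```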