Category:   Application (Generic)  >   QEMU Vendors:
QEMU VMWARE VMXNET3 VLANSTRIP Bug Lets Remote Users Cause the Target Process to Crash
SecurityTracker Alert ID:  1037856
SecurityTracker URL:
CVE Reference:   CVE-2017-6058   (Links to External Site)
Date:  Feb 17 2017
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in QEMU. A remote user can cause the target process to crash.

A remote user on the local network can send specially crafted data to trigger an out-of-bounds memory access error when the VLAN header is stripped, causing the target QEMU process to crash.

Systems built with VMWARE VMXNET3 NIC device support and with the 'VLANSTRIP' feature enabled on the target VMXNET3 device are affected.
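
The class of check that VLAN stripping needs, as an added illustration: this is not QEMU's code and does not reproduce the upstream patch. The function name `vlan_strip`, the constants, and the sample frame are assumptions constructed for this example; the point is that every read past the EtherType is preceded by a length check against the received frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN     6
#define ETH_HLEN     14      /* dst MAC + src MAC + EtherType */
#define VLAN_HLEN    4       /* TPID + TCI */
#define ETH_P_8021Q  0x8100
#define ETH_P_8021AD 0x88A8

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: writes the untagged 14-byte header to hdr. Returns 1 if
 * an outer tag was stripped, 0 if untagged, -1 if the frame is too short. */
int vlan_strip(const uint8_t *frame, size_t len, uint8_t hdr[ETH_HLEN],
               size_t *payload_off, uint16_t *tci)
{
    if (len < ETH_HLEN)
        return -1;                          /* EtherType not present */
    uint16_t tpid = rd16(frame + 2 * ETH_ALEN);
    if (tpid != ETH_P_8021Q && tpid != ETH_P_8021AD) {
        memcpy(hdr, frame, ETH_HLEN);       /* untagged: copy header as-is */
        *payload_off = ETH_HLEN;
        return 0;
    }
    if (len < ETH_HLEN + VLAN_HLEN)
        return -1;                          /* tag announced but truncated */
    *tci = rd16(frame + ETH_HLEN);
    memcpy(hdr, frame, 2 * ETH_ALEN);                       /* both MACs */
    memcpy(hdr + 2 * ETH_ALEN, frame + ETH_HLEN + 2, 2);    /* inner EtherType */
    *payload_off = ETH_HLEN + VLAN_HLEN;
    return 1;
}

/* Constructed sample: priority 1, VLAN 5 (TCI 0x2005), inner EtherType IPv4. */
static const uint8_t tagged_frame[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x81,0x00, 0x20,0x05, 0x08,0x00, 0x45,0x00 };

int main(void)
{
    uint8_t hdr[ETH_HLEN]; size_t off = 0; uint16_t tci = 0;
    int full  = vlan_strip(tagged_frame, sizeof tagged_frame, hdr, &off, &tci);
    int trunc = vlan_strip(tagged_frame, 15, hdr, &off, &tci); /* cut inside tag */
    printf("full=%d tci=0x%04x trunc=%d\n", full, tci, trunc);
    return 0;
}
```
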

Impact:   A remote user can cause the target Qemu process to crash.
Solution:   A proposed patch is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [oss-security] CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping


Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is 
vulnerable to an out-of-bounds access issue. It could occur while stripping 
VLAN header from 'eth_buf' buffer in receiving packets.

A remote user/process could use this issue to crash Qemu process resulting in 

Upstream patch:


Note:- It requires 'VLANSTRIP' feature to be enabled on the vmxnet3 device.

'CVE-2017-6058' assigned via ->

Thank you.
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
