qemu (e1000 device driver): Buffer overflow when processing large packets
An issue in qemu has been disclosed which we believe affects some users of Xen.
A buffer overflow flaw was found in the way the emulated e1000 device driver of QEMU processed large received e1000 packets when the SBP and LPE flags were disabled.
In a vulnerable configuration, a hostile network packet may be able to corrupt the memory of the guest, leading to a guest DoS or remote privilege escalation.
memory corruption, guest DoS, privilege escalation
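
The following C example is added here for illustration and is not code from QEMU, Xen or this advisory. It models a receive path that discards oversized frames when neither SBP nor LPE is set and never writes past the guest receive buffer. The function names, the single-buffer model and the 1522-byte threshold are assumptions; the RCTL bit values are those of the Intel 8254x register layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RCTL bits per the Intel 8254x register layout (the advisory does not
 * list them; they are included here as an assumption of this example). */
#define RCTL_SBP 0x00000004u  /* Store Bad Packets */
#define RCTL_LPE 0x00000020u  /* Long Packet Enable */

/* Largest standard Ethernet frame with VLAN tag and FCS (assumed limit). */
#define MAX_STD_FRAME 1522u

/* Hypothetical helper: returns 1 if a frame of `len` bytes may be delivered
 * under the current receive-control flags, 0 if it must be discarded. */
static int rx_frame_allowed(uint32_t rctl, size_t len)
{
    if (len > MAX_STD_FRAME && !(rctl & RCTL_LPE) && !(rctl & RCTL_SBP))
        return 0;   /* oversized and both flags disabled: drop */
    return 1;
}

/* Hypothetical receive step, simplified to one guest buffer per frame.
 * Copies the frame only if it passes the flag check and fits the buffer.
 * Returns the number of bytes written, or 0 if the frame was dropped. */
static size_t rx_deliver(uint32_t rctl, uint8_t *guest_buf, size_t guest_len,
                         const uint8_t *frame, size_t len)
{
    if (!rx_frame_allowed(rctl, len))
        return 0;
    if (len > guest_len)
        return 0;   /* independent bound: never write past the buffer */
    memcpy(guest_buf, frame, len);
    return len;
}

int main(void)
{
    static uint8_t guest_buf[2048];   /* constructed guest receive buffer */
    static uint8_t frame[4000];       /* constructed oversized frame */
    memset(frame, 0xAA, sizeof frame);

    /* With SBP and LPE both clear, the 4000-byte frame is dropped. */
    return rx_deliver(0, guest_buf, sizeof guest_buf,
                      frame, sizeof frame) == 0 ? 0 : 1;
}
```

The second check in `rx_deliver` is independent of the flags, so a frame that is permitted by LPE or SBP still cannot exceed the buffer it is copied into.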