

Heap overflow in QEMU PCNET controller, allowing guest-host escape - QUFB
http://xenbits.xen.org/xsa/advisory-135.html

======
stefanha
Keep in mind that the pcnet NIC is not used by default in most QEMU, KVM, or
Xen deployments.

So it's mostly a problem in scenarios where untrusted users may add pcnet NICs
to their VMs. Even then, remember that additional layers of security are
available. KVM is typically deployed with unprivileged QEMU processes, locked
down with SELinux (more details:
[https://danwalsh.livejournal.com/71489.html](https://danwalsh.livejournal.com/71489.html)).

------
toomuchtodo
Is this going to cause another AWS patchathon?

~~~
kondor6c
I think that only HVM instances with non-network-optimized interfaces might
be vulnerable.

------
0x0
Does this affect other products like VirtualBox, VMware, etc.?

Didn't the VENOM QEMU floppy driver bug hit a ton of products as well?

~~~
creshal
> Both the traditional "qemu-xen" or upstream qemu device models are
> _potentially_ vulnerable.

VENOM was particularly nasty because, due to a bug/oversight, floppy emulation
was _always_ enabled in pretty much everything that used QEMU.

This only affects one specific network driver, which, to my knowledge, is
nowhere used as default.
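
Added example (not part of the thread or the advisory): a defender-side audit for the exposure discussed above, flagging guests that have a pcnet NIC configured in a libvirt domain XML or on a QEMU command line. The sample XML and command lines are constructed, and the function names are hypothetical.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: one virtio NIC and one pcnet NIC on the same guest.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>guest-a</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:00:00:01'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/>
      <model type='pcnet'/>
    </interface>
  </devices>
</domain>
"""

def pcnet_nics_in_domain_xml(xml_text):
    """Return the MAC addresses of interfaces whose emulated model is pcnet."""
    root = ET.fromstring(xml_text)
    hits = []
    for iface in root.findall("./devices/interface"):
        model = iface.find("model")
        if model is not None and model.get("type", "").lower() == "pcnet":
            mac = iface.find("mac")
            hits.append(mac.get("address") if mac is not None else "unknown")
    return hits

def pcnet_in_qemu_cmdline(cmdline):
    """True if a QEMU command line attaches a pcnet NIC via -device, -net or -nic."""
    args = shlex.split(cmdline)
    for opt, val in zip(args, args[1:]):
        fields = val.split(",")
        if opt == "-device" and fields[0] == "pcnet":
            return True
        if opt == "-net" and fields[0] == "nic" and "model=pcnet" in fields[1:]:
            return True
        if opt == "-nic" and "model=pcnet" in fields:
            return True
    return False

if __name__ == "__main__":
    print("pcnet NICs in XML:", pcnet_nics_in_domain_xml(SAMPLE_DOMAIN_XML))
    cmd = "qemu-system-x86_64 -m 1024 -device pcnet,netdev=n0 -netdev user,id=n0"
    print("pcnet on command line:", pcnet_in_qemu_cmdline(cmd))
```
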

