Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | 1.0 (including) | 1.0 (including) |
| Qemu | Qemu | 1.0-rc1 (including) | 1.0-rc1 (including) |
| Qemu | Qemu | 1.0-rc2 (including) | 1.0-rc2 (including) |
| Qemu | Qemu | 1.0-rc3 (including) | 1.0-rc3 (including) |
| Qemu | Qemu | 1.0-rc4 (including) | 1.0-rc4 (including) |
| Qemu | Qemu | 1.0.1 (including) | 1.0.1 (including) |
| Qemu | Qemu | 1.1 (including) | 1.1 (including) |
| Qemu | Qemu | 1.1-rc1 (including) | 1.1-rc1 (including) |
| Qemu | Qemu | 1.1-rc2 (including) | 1.1-rc2 (including) |
| Qemu | Qemu | 1.1-rc3 (including) | 1.1-rc3 (including) |
| Qemu | Qemu | 1.1-rc4 (including) | 1.1-rc4 (including) |
| Qemu | Qemu | 1.4.1 (including) | 1.4.1 (including) |
| Qemu | Qemu | 1.4.2 (including) | 1.4.2 (including) |
| Qemu | Qemu | 1.5.0 (including) | 1.5.0 (including) |
| Qemu | Qemu | 1.5.0-rc1 (including) | 1.5.0-rc1 (including) |
| Qemu | Qemu | 1.5.0-rc2 (including) | 1.5.0-rc2 (including) |
| Qemu | Qemu | 1.5.0-rc3 (including) | 1.5.0-rc3 (including) |
| Qemu | Qemu | 1.5.1 (including) | 1.5.1 (including) |
| Qemu | Qemu | 1.5.2 (including) | 1.5.2 (including) |
| Qemu | Qemu | 1.5.3 (including) | 1.5.3 (including) |
| Qemu | Qemu | 1.6.0 (including) | 1.6.0 (including) |
| Qemu | Qemu | 1.6.0-rc1 (including) | 1.6.0-rc1 (including) |
| Qemu | Qemu | 1.6.0-rc2 (including) | 1.6.0-rc2 (including) |
| Qemu | Qemu | 1.6.0-rc3 (including) | 1.6.0-rc3 (including) |
| Qemu | Qemu | 1.6.1 (including) | 1.6.1 (including) |
| Qemu | Qemu | 1.6.2 (including) | 1.6.2 (including) |
| Qemu | Qemu | 1.7.1 (including) | 1.7.1 (including) |