On Sun, 25 Jan 2026, orion cai wrote:
From bee06612dae03a07dd5a9fa407d3a834fad4c635 Mon Sep 17 00:00:00 2001
From: Orion <[email protected]>
Date: Sun, 25 Jan 2026 21:30:22 +0800
Subject: [PATCH v2 0/2] Fix integer overflow in RTL8139 rx buffer handling

This series fixes an integer overflow vulnerability in the RTL8139

It's not a series but a single patch. A cover letter is not needed, but if you have a cover letter it should be a separate message, with the patch being a reply to it, not in one message.

network device emulation that could allow a malicious guest to
bypass DMA bounds checks.

The vulnerability occurs in rtl8139_write_buffer() when RxBufAddr
accumulates to a high value after receiving many packets. The bounds
check using addition (RxBufAddr + size) can overflow, bypassing the
check.

v2 should not be against v1 but against QEMU master as if v1 never happened.

Regards,
BALATON Zoltan
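
The wrap-around described in the quoted cover letter, as an added example that is not part of the thread, the patch or QEMU's source: an addition-based bounds check beside an overflow-safe form. The function names, the 32-bit unsigned types and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names: offset stands in for an accumulated write position
 * such as RxBufAddr, buf_len for the size of the receive buffer. */

/* Addition-based check: offset + size is computed modulo 2^32, so a large
 * offset makes the sum wrap to a small value and the check passes. */
static bool fits_by_addition(uint32_t offset, uint32_t size, uint32_t buf_len)
{
    return offset + size <= buf_len;
}

/* Overflow-safe check: compare size against the space that is left.
 * buf_len - offset cannot wrap because offset <= buf_len is tested first. */
static bool fits_by_subtraction(uint32_t offset, uint32_t size, uint32_t buf_len)
{
    if (offset > buf_len) {
        return false;
    }
    return size <= buf_len - offset;
}

int main(void)
{
    /* Constructed values, not taken from the patch. */
    const uint32_t buf_len = 64 * 1024;
    const uint32_t size = 1514;
    const uint32_t offsets[] = {
        0, buf_len - size, buf_len - 100, UINT32_MAX - 1000
    };

    for (unsigned i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
        printf("offset=0x%08x addition=%d subtraction=%d\n",
               (unsigned)offsets[i],
               fits_by_addition(offsets[i], size, buf_len),
               fits_by_subtraction(offsets[i], size, buf_len));
    }
    return 0;
}
```

Only the last offset makes the two checks disagree: the sum wraps to 513, which the addition form accepts and the subtraction form rejects.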
