| Description: | qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. Riccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A local attacker could possibly use this to bypass ACL restrictions.
|