CVE-2020-11102: 
NixOS vulnerability analysis and mitigation

CVE-2020-11102 is a buffer overflow vulnerability discovered in QEMU 4.2.0's Tulip NIC emulator (hw/net/tulip.c). The vulnerability was reported by Ziming Zhang and Li Qiang from Ant Financial and was disclosed on April 6, 2020. The issue occurs during the copying of tx/rx buffers because the frame size is not validated against the read/write data length (OSS Security).

The vulnerability exists in the Tulip NIC emulator's buffer handling mechanism where it fails to check frame size against the data length while copying network data to/from its tx/rx frame buffers. This out-of-bounds access issue could lead to buffer overflow conditions. The issue was addressed in an upstream patch that implemented proper size validation checks (QEMU Patch).

The vulnerability could allow a remote user or process to crash the QEMU process, resulting in a denial of service (DoS) condition. More critically, it potentially enables the execution of arbitrary code with the privileges of the QEMU process on the host system (OSS Security).

The vulnerability was patched in QEMU versions after 4.2.0-r5. Users are advised to upgrade to the patched version. For Gentoo users specifically, the fix was included in app-emulation/qemu-4.2.0-r5 and later versions (Gentoo Security).