This patchset should fix this bug: https://patchew.org/QEMU/20210108180401.2263-1-peter.mayd...@linaro.org/
PS: this isn't a security issue because the lan9118 is used only on board models that can't run under KVM and so it is not on QEMU's security boundary. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1904954 Title: lan9118 bug peeked received message size not equal to actual received message size Status in QEMU: New Bug description: peeked message size is not equal to read message size Bug in the code at line: https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209 s->tx_status_fifo_head should be s->rx_status_fifo_head Could also be a security bug, as the user could allocate a buffer of size peeked data smaller than the actual packet received, which could cause a buffer overflow. Thanks, Alfred To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1904954/+subscriptions