tl;dr This post will describe how I exploited CVE-2019-14378, a pointer miscalculation in the network backend of QEMU. The bug is triggered when large, fragmented IPv4 packets are reassembled for processing. It was found by code auditing.

Vulnerability Details

There are two parts to networking within QEMU:

- The virtual network device that is provided to the guest (e.g. a PCI network card).
- The n