peter/qemu - QEMU hacking for Peter

diff options

author	Gerd Hoffmann <kraxel@redhat.com>	2017-02-08 11:18:36 +0100
committer	Michael Roth <mdroth@linux.vnet.ibm.com>	2017-03-16 12:10:41 -0500
commit	fc8e94c3e5e74437c4e73a5582f17cfd4cae5ccf (patch)
tree	39ca15b473db331d47489e2c37da8702fa4f9c9a /slirp/if.h
parent	5e4641777c3cb06206127419ce7617aeff2327f4 (diff)
download	qemu-fc8e94c3e5e74437c4e73a5582f17cfd4cae5ccf.tar.gz

cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)

CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination and blit width, at all. Oops. Fix it. Security impact: high. The missing blit destination check allows to write to host memory. Basically same as CVE-2014-8106 for the other blit variants. Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> (cherry picked from commit 92f2b88cea48c6aeba8de568a45f2ed958f3c298) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Diffstat (limited to 'slirp/if.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: