cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620) - qemu

diff options

author	Gerd Hoffmann <kraxel@redhat.com>	2017-02-08 11:18:36 +0100
committer	Gerd Hoffmann <kraxel@redhat.com>	2017-02-24 14:35:50 +0100
commit	92f2b88cea48c6aeba8de568a45f2ed958f3c298 (patch)
tree	6ed759495bfcf73c74481e0d8cc01c7d33cc8d21 /scripts/qapi-commands.py
parent	Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170222' into staging (diff)
download	qemu-92f2b88cea48c6aeba8de568a45f2ed958f3c298.tar.xz qemu-92f2b88cea48c6aeba8de568a45f2ed958f3c298.zip

cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)

CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination and blit width, at all. Oops. Fix it. Security impact: high. The missing blit destination check allows to write to host memory. Basically same as CVE-2014-8106 for the other blit variants. Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Diffstat (limited to 'scripts/qapi-commands.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: