Searched hist:"44 b5c1ebfa5db337714180e9d4a8d525da5595d6" (Results 1 – 1 of 1) sorted by relevance
| /qemu/hw/display/ |
| H A D | qxl.c | 44b5c1ebfa5db337714180e9d4a8d525da5595d6 Tue Feb 25 05:59:19 UTC 2020 Gerd Hoffmann <kraxel@redhat.com> qxl: map rom r/o
Map qxl rom read-only into the guest, so the guest can't tamper with the
content. qxl has a shadow copy of the rom to deal with that, but the
shadow doesn't cover the mode list. A privilidged user in the guest can
manipulate the mode list and that to trick qemu into oob reads, leading
to a DoS via segfault if that read access happens to hit unmapped memory.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200225055920.17261-2-kraxel@redhat.com
|