[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 0/4] vmsvga: security fixes
From: |
Gerd Hoffmann |
Subject: |
[Qemu-devel] [PATCH 0/4] vmsvga: security fixes |
Date: |
Mon, 30 May 2016 09:09:17 +0200 |
Hi,
Here comes a series for the vmware svga, fixing security issues in the
fifo handling:
CVE-2016-4453 qemu: Infinite loop in vmsvga_fifo_run() function
CVE-2016-4454 qemu: Out-of-bounds read in vmsvga_fifo_read_raw() function
please review,
Gerd
Gerd Hoffmann (4):
vmsvga: move fifo sanity checks to vmsvga_fifo_length
vmsvga: add more fifo checks
vmsvga: shadow fifo registers
vmsvga: don't process more than 1024 fifo commands at once
hw/display/vmware_vga.c | 78 ++++++++++++++++++++++++++-----------------------
1 file changed, 41 insertions(+), 37 deletions(-)
--
1.8.3.1
- [Qemu-devel] [PATCH 0/4] vmsvga: security fixes,
Gerd Hoffmann <=