[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2

From: Peter Maydell
Subject: Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation()
Date: Sat, 11 Apr 2020 22:36:08 +0100

On Sat, 11 Apr 2020 at 20:45, Philippe Mathieu-Daudé <address@hidden> wrote:
> Buffer overflows are security issues because they allow attacker to
> arbitrarily write data in the process memory, and eventually take
> control of it. When attacker takes control, it can access underlying
> private data.

Note that for QEMU our security boundary is "VMs using KVM"; so
buffer overflows are a security issue in code and devices that
you can use in a KVM setup (including pluggable devices like
PCI devices) but not devices you can only use in a TCG setup
(where they're just bugs, though obviously ones we should
fix sooner rather than later).

-- PMM

reply via email to

[Prev in Thread] Current Thread [Next in Thread]