[Qemu-devel] [Bug 786211] Re: Missing checks for valid, writable, firmwa

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 786211] Re: Missing checks for valid, writable, firmwa

From:	T. Huth
Subject:	[Qemu-devel] [Bug 786211] Re: Missing checks for valid, writable, firmware in fw_cfg_write
Date:	Tue, 18 Oct 2016 21:14:24 -0000

fw_cfg_write() support has been removed since QEMU 2.4, so I think we
can treat this as fixed now:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=023e3148567ac898c725813

** Changed in: qemu
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/786211

Title:
  Missing checks for valid, writable, firmware in fw_cfg_write

Status in QEMU:
  Fix Released

Bug description:
  The `fw_cfg_write` function in the firmware emulation is missing
  checks to ensure that the firmware being written is (a) a valid index,
  and (b) writable. This can lead to a segmentation fault and
  potentially (in the case of writing to FW_CFG_INVALID), memory
  corruption, although the attacker has fairly limited control over
  whether and what corruption is possible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/786211/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [Bug 786211] Re: Missing checks for valid, writable, firmware in fw_cfg_write, T. Huth <=

Prev by Date: Re: [Qemu-devel] QOM properties vs C functions/fields (was Re: [PATCH v3 2/3] exec: rename cpu_exec_init() as cpu_exec_realizefn())
Next by Date: [Qemu-devel] [Bug 786440] Re: qcow2 double free
Previous by thread: [Qemu-devel] [PATCH] spapr_pci: advertise explicit numa IDs even when there's 1 node
Next by thread: [Qemu-devel] [Bug 786440] Re: qcow2 double free
Index(es):
- Date
- Thread