qxl: map rom r/o - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Gerd Hoffmann	2020-02-25 06:59:19 +0100
committer	Gerd Hoffmann	2020-03-02 08:24:36 +0100
commit	44b5c1ebfa5db337714180e9d4a8d525da5595d6 (patch)
tree	4299858e63c79ae06c181ede800e62ce36caa565 /scripts/clean-includes
parent	Arithmetic error in EDID generation fixed (diff)
download	qemu-44b5c1ebfa5db337714180e9d4a8d525da5595d6.tar.gz qemu-44b5c1ebfa5db337714180e9d4a8d525da5595d6.tar.xz qemu-44b5c1ebfa5db337714180e9d4a8d525da5595d6.zip

qxl: map rom r/o

Map qxl rom read-only into the guest, so the guest can't tamper with the content. qxl has a shadow copy of the rom to deal with that, but the shadow doesn't cover the mode list. A privilidged user in the guest can manipulate the mode list and that to trick qemu into oob reads, leading to a DoS via segfault if that read access happens to hit unmapped memory. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200225055920.17261-2-kraxel@redhat.com

Diffstat (limited to 'scripts/clean-includes')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: