[Spice-devel] [CVE-2014-3615 PATCH v2 0/3] vbe: bochs dispi interface fixes

Gerd Hoffmann kraxel at redhat.com
Thu Sep 4 00:04:30 PDT 2014


Two fixes for the bochs dispi interface, one of them fixing a minor
security issue.

New in v2:  Got a CVE number.  Investigation & patch review found a
related issue in the spice code, so there is an additional patch.

/me plans to send a pull tomorrow, so this can go in fast enough for
being cherry-picked into stable for the qemu 2.1.1 release.

please review,

Gerd Hoffmann (3):
  vbe: make bochs dispi interface return the correct memory size with
  vbe: rework sanity checks
  spice: make sure we don't overflow ssd->buf

 hw/display/qxl.c     |   1 +
 hw/display/vga.c     | 159 ++++++++++++++++++++++++++++++++-------------------
 hw/display/vga_int.h |   1 +
 ui/spice-display.c   |  16 ++++--
 4 files changed, 113 insertions(+), 64 deletions(-)


