[v2.5] qemu: holes in the bochs dispi interface parameter checking (CVE-2014-3615)
An information leakage flaw was found in QEMU’s VGA emulator. It could lead to leaking host memory bytes to a VNC client. It could occur when a guest GOP driver attempts to set a high display resolution.
A privileged user/program able to set such high resolution could use this flaw to leak host memory bytes.
Fixed in qemu-2.1.1. All previous versions seem to be fully or partially vulnerable.
Upstream fixes:
---------------
http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5
http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7
References:
http://seclists.org/oss-sec/2014/q3/521
(from redmine: issue id 3379, created on 2014-09-24, closed on 2015-05-07)
- Relations:
  - parent #3378 (closed)
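The description above ties the leak to a guest setting a display resolution that is too high. The following is an added example (not QEMU's code and not taken from the upstream commits) of checking a requested mode against the size of video memory before accepting it. The struct, its field names, the accepted depths and the 16 MiB VRAM size are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mode request; names are illustrative, not QEMU's. */
struct mode_req {
    uint32_t xres, yres;    /* visible size in pixels */
    uint32_t virt_width;    /* pixels per scanline */
    uint32_t bpp;           /* bits per pixel */
    uint32_t x_off, y_off;  /* panning offset into the virtual screen */
};

/* True only if every byte the display would read lies inside VRAM. */
bool mode_fits_vram(const struct mode_req *m, uint64_t vram_size)
{
    if (m->xres == 0 || m->yres == 0)
        return false;
    /* Assumed set of accepted depths for this example. */
    if (m->bpp != 8 && m->bpp != 16 && m->bpp != 24 && m->bpp != 32)
        return false;
    /* 64-bit sum: x_off + xres cannot wrap before the comparison. */
    if ((uint64_t)m->x_off + m->xres > m->virt_width)
        return false;
    uint64_t stride = (uint64_t)m->virt_width * (m->bpp / 8);  /* bytes per line */
    uint64_t rows = (uint64_t)m->y_off + m->yres;
    /* Divide instead of multiplying so rows * stride is never computed. */
    return rows <= vram_size / stride;
}

int main(void)
{
    const uint64_t vram = 16u << 20;  /* constructed: 16 MiB of video memory */
    /* Constructed requests: {xres, yres, virt_width, bpp, x_off, y_off} */
    const struct mode_req reqs[] = {
        {1024, 768, 1024, 32, 0, 0},        /* 3 MiB, fits */
        {4096, 4096, 4096, 32, 0, 0},       /* 64 MiB, too large */
        {1024, 768, 1024, 32, 0, 4000},     /* fits only without the y offset */
        {65536, 65536, 65536, 32, 0, 0},    /* size wraps to 0 in 32-bit math */
    };
    for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++)
        printf("%ux%u@%u y_off=%u -> %s\n", reqs[i].xres, reqs[i].yres,
               reqs[i].bpp, reqs[i].y_off,
               mode_fits_vram(&reqs[i], vram) ? "accept" : "reject");
    return 0;
}
```

The last request shows why the size is compared in 64-bit arithmetic: a 32-bit product of its dimensions would wrap to zero and pass a naive size check.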