[v3.0] qemu: holes in the bochs dispi interface parameter checking (CVE-2014-3615)
Description
An information leakage flaw was found in QEMU’s VGA emulator. It could leak host memory bytes to a VNC client when a guest GOP driver attempts to set a high display resolution.
A privileged user or program able to set such a high resolution could use this flaw to leak host memory bytes.
Fixed in qemu-2.1.1. All previous versions seem to be fully or partially vulnerable.
Upstream fixes:
---------------
http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5
http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7
References:
http://seclists.org/oss-sec/2014/q3/521
(from redmine: issue id 3382, created on 2014-09-24, closed on 2015-08-05)
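The class of parameter check this issue is about, as an added example (not QEMU's code and not taken from the upstream commits): before a guest-requested display mode is accepted, confirm that every scanline the display path would read lies inside the emulated video memory. The struct, its field names, the accepted depths and the 16 MiB VRAM size are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mode request; names are illustrative, not QEMU's. */
struct mode_req {
    uint32_t xres, yres;   /* visible size in pixels */
    uint32_t bpp;          /* bits per pixel */
    uint32_t virt_width;   /* pixels per scanline in memory */
    uint32_t x_offset;     /* panning origin, pixels */
    uint32_t y_offset;     /* panning origin, scanlines */
};

/* True only if every scanline the display path would read for this
 * mode lies inside vram_size bytes. All arithmetic is done in 64 bits
 * and the final comparison uses division, so nothing can wrap. */
bool mode_fits_vram(const struct mode_req *m, uint64_t vram_size)
{
    if (m->xres == 0 || m->yres == 0)
        return false;
    if (m->bpp != 8 && m->bpp != 15 && m->bpp != 16 &&
        m->bpp != 24 && m->bpp != 32)
        return false;
    /* The visible window must sit inside one scanline. */
    if (m->virt_width < m->xres ||
        m->x_offset > m->virt_width - m->xres)
        return false;

    uint64_t bytes_pp = (m->bpp + 7) / 8;                 /* 15 bpp -> 2 */
    uint64_t stride = (uint64_t)m->virt_width * bytes_pp; /* < 2^35 */
    uint64_t lines = (uint64_t)m->y_offset + m->yres;     /* < 2^33 */

    /* Conservative: require whole scanlines to fit. */
    return lines <= vram_size / stride;
}

int main(void)
{
    const uint64_t vram = 16u * 1024 * 1024;   /* assumed VRAM size */
    struct mode_req sane = {1024, 768, 32, 1024, 0, 0};   /* constructed */
    struct mode_req huge = {8192, 8192, 32, 8192, 0, 0};  /* constructed */
    printf("1024x768x32: %s\n", mode_fits_vram(&sane, vram) ? "accept" : "reject");
    printf("8192x8192x32: %s\n", mode_fits_vram(&huge, vram) ? "accept" : "reject");
    return 0;
}
```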
- Relations:
  - parent #3378 (closed)
- Changesets:
  - Revision 9e73c36e by Natanael Copa on 2014-10-03T08:43:58Z:
    main/qemu: security upgrade to 2.1.2 (CVE-2014-3615)
    fixes #3382