[Qemu-commits] [qemu/qemu] 191f59: vga: check the validation of memory a


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 191f59: vga: check the validation of memory addr when draw...
Date: Thu, 25 Jan 2018 08:24:29 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 191f59dc17396bb5a8da50f8c59b6e0a430711a4
      
https://github.com/qemu/qemu/commit/191f59dc17396bb5a8da50f8c59b6e0a430711a4
  Author: linzhecheng <address@hidden>
  Date:   2018-01-25 (Thu, 25 Jan 2018)

  Changed paths:
    M hw/display/vga.c

  Log Message:
  -----------
  vga: check the validation of memory addr when draw text

Start a vm with qemu-kvm -enable-kvm -vnc :66 -smp 1 -m 1024 -hda
redhat_5.11.qcow2 -device pcnet -vga cirrus,
then use a VNC client to connect to the VM; executing the code below in
the guest OS will lead to a qemu crash:

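#include <stdlib.h>   /* rand, srand */
#include <time.h>     /* time */
#include <sys/io.h>   /* iopl, outb */

int main()
{
    iopl(3);                           /* allow port I/O from user space */
    srand(time(NULL));
    int a, b;
    while (1) {
        a = rand() % 0x100;            /* random byte value */
        b = 0x3c0 + (rand() % 0x20);   /* random VGA port, 0x3c0..0x3df */
        outb(a, b);
    }
    return 0;
}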

The above code is writing the registers of VGA randomly.
We can write VGA CRT controller registers index 0x0C or 0x0D
(which is the start address register) to modify the
display memory address of the upper left pixel
or character of the screen. The address may be out of the
range of vga ram. So we should check the validation of memory address
when reading or writing it to avoid segfault.

Signed-off-by: linzhecheng <address@hidden>
Message-id: address@hidden
Fixes: CVE-2018-5683
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: b3bbe959b5dc3bf07041946455cc8e8d562bfd1f
      
https://github.com/qemu/qemu/commit/b3bbe959b5dc3bf07041946455cc8e8d562bfd1f
  Author: Peter Maydell <address@hidden>
  Date:   2018-01-25 (Thu, 25 Jan 2018)

  Changed paths:
    M hw/display/vga.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180125-pull-request' 
into staging

vga: fix for CVE-2018-5683

# gpg: Signature made Thu 25 Jan 2018 09:33:23 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180125-pull-request:
  vga: check the validation of memory addr when draw text

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/0f79bfe38a2c...b3bbe959b5dc
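
The check the first commit's log message calls for, shown on a simplified model as an added example (this is not the code from the QEMU commit or from its author). The names toy_vga, draw_text_checked and cells_read_for_start, the 64 KiB VRAM size and the 4-byte cell stride are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VRAM_SIZE   (64u * 1024u) /* constructed size for this model */
#define CELL_STRIDE 4u            /* assumed bytes between character cells */
#define COLS 80u
#define ROWS 25u

struct toy_vga {
    uint8_t vram[VRAM_SIZE];
    uint8_t crtc[0x19];           /* CRT controller registers, guest-writable */
};

/* Byte offset of the top-left cell: index 0x0C is the high byte, 0x0D the low. */
static uint32_t start_offset(const struct toy_vga *s) {
    return ((((uint32_t)s->crtc[0x0c]) << 8) | s->crtc[0x0d]) * CELL_STRIDE;
}

/* Read the text grid; stop at the first cell not fully inside VRAM. */
static size_t draw_text_checked(const struct toy_vga *s, uint16_t *out) {
    size_t done = 0;
    uint32_t line = start_offset(s);
    for (unsigned y = 0; y < ROWS; y++, line += COLS * CELL_STRIDE) {
        for (unsigned x = 0; x < COLS; x++) {
            uint32_t off = line + x * CELL_STRIDE;
            if (off > VRAM_SIZE - sizeof(uint16_t))
                return done;      /* guest-chosen address left VRAM */
            memcpy(&out[done++], &s->vram[off], sizeof(uint16_t));
        }
    }
    return done;
}

/* Program the start address registers as a guest would, then draw. */
size_t cells_read_for_start(uint16_t start) {
    static struct toy_vga s;
    static uint16_t out[COLS * ROWS];
    s.crtc[0x0c] = (uint8_t)(start >> 8);
    s.crtc[0x0d] = (uint8_t)(start & 0xff);
    return draw_text_checked(&s, out);
}

int main(void) {
    printf("%zu %zu %zu\n", cells_read_for_start(0x0000),
           cells_read_for_start(0x3ff6), cells_read_for_start(0xffff));
    return 0;
}
```

The bound is tested on every cell rather than once on the start address, because a start address that is itself in range can still run past the end of VRAM partway through the grid.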
