diff options
author | Frediano Ziglio <fziglio@redhat.com> | 2015-06-09 08:50:46 +0100 |
---|---|---|
committer | Frediano Ziglio <fziglio@redhat.com> | 2015-09-08 16:09:50 +0100 |
commit | bd6ea0db84949ac903c27708166604de892f4671 (patch) | |
tree | 73feb80514d8f03161559d127a178c256788a855 /docs | |
parent | f0acfbc6398a405393cc4dd84a03624196abf668 (diff) | |
download | spice-bd6ea0db84949ac903c27708166604de892f4671.tar.gz spice-bd6ea0db84949ac903c27708166604de892f4671.tar.xz spice-bd6ea0db84949ac903c27708166604de892f4671.zip |
Avoid race conditions reading monitor configs from guest
For security reasons do not assume guest do not change structures it
pass to Qemu.
Guest could change count field while Qemu is copying QXLMonitorsConfig
structure leading to heap corruption.
This patch avoid it reading count only once.
This patch solves CVE-2015-3247.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions