summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorFrediano Ziglio <fziglio@redhat.com>2015-06-09 08:50:46 +0100
committerFrediano Ziglio <fziglio@redhat.com>2015-09-08 16:09:50 +0100
commitbd6ea0db84949ac903c27708166604de892f4671 (patch)
tree73feb80514d8f03161559d127a178c256788a855 /docs
parentf0acfbc6398a405393cc4dd84a03624196abf668 (diff)
downloadspice-bd6ea0db84949ac903c27708166604de892f4671.tar.gz
spice-bd6ea0db84949ac903c27708166604de892f4671.tar.xz
spice-bd6ea0db84949ac903c27708166604de892f4671.zip
Avoid race conditions reading monitor configs from guest
For security reasons do not assume guest do not change structures it pass to Qemu. Guest could change count field while Qemu is copying QXLMonitorsConfig structure leading to heap corruption. This patch avoid it reading count only once. This patch solves CVE-2015-3247. Signed-off-by: Frediano Ziglio <fziglio@redhat.com> Acked-by: Christophe Fergeau <cfergeau@redhat.com>
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2024-04-19 17:44:27 +0000