First published: Fri Feb 26 2010(Updated: )
Izik Eidus found a bug in QEMU that allows priviledged guest user to touch arbitrary memory in the hosting QEMU process. The bug is in QXL/libspice code. Guest and host share region of memory and use it to communicate with each other. Malicious user can use the lack of validation of pointers embedded into data structures in this memory area to touch host's abitrary memory location and/or make the hosting QEMU process crash by dereferencing invalid pointer.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Qspice | =0.3.0 | |
Redhat Enterprise Virtualization | =2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.