oss-sec mailing list archives
CVE-2014-3615 Qemu: information leakage when guest sets high resolution
From: P J P <ppandit () redhat com>
Date: Mon, 8 Sep 2014 12:39:19 +0530 (IST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, An information leakage flaw was found in Qemu's VGA emulator. It could lead to leaking host memory bytes to a VNC client. It could occur when a guest GOP driver attempts to set a high display resolution. A privileged user/program able to set such high resolution could use this flaw to leak host memory bytes. Upstream fixes: - --------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5 -> http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7 Thank you. - -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUDVYfAAoJEN0TPTL+WwQf3qsQALTsOCpDNXMBnRJ8ziz7pVLA Uoepy8fFeCxMELy7ZleGRDThCGzDeH4XCoHZ0prnV17I8imwHXvzWJKktzQSfXos y1LUvhxLpbUUwxyiGD/3iNXCzKLDdIXIUJd2+VB5BQUmJ5INhy25Za2/qFV3jhhb JHrYlzFJYD7LKnFzLlGtlYjRa6VF5+yCP0MlGmYV9ENbKOiFOhc+aB7MJkab2dYQ 3qQd0LRXoU4Ms8cvh51EPes3nUy6UlfQhBnbfc97M5lvm/1hnRN6UN/UDCNpsjZ/ yJT7rSqpEmAEk5UrhLOE52jZMdthFMz2Z84DVbu48dLrwg/ei0wXslV3ROpQmvsU jsxjyw/fzMAL2XXjqiqCe31X5dFmEPRJjROJcNE68xoifS+7y4VDRzHUNOK/jJAS cp4bHJii7p96aF2ACBbu16M13ax83q9/cH+HmKib7qGRgAnyfqRrn3kVn3PdIFJD yCji5dlmczLmrYG8NFYW9edB6XD9evX5RZijWHkMYdf9Q0FJcWL1eQnvWtNelvKC 96PcZaXlYzgyy1Qd1+1zdmO2r/G45FplsG6VX0cRXEz8e6/sDRGd2IoEFKmkoQcA AU+wsPn8d3sZ0YDHAgFkn3g9O5RRAtR5fh2jSWQRjuVXyqaKfEAeVWr3utupAuf3 P47T1YbVkKCXbnQQoDCq =Q6KC -----END PGP SIGNATURE-----
Current thread:
- CVE-2014-3615 Qemu: information leakage when guest sets high resolution P J P (Sep 08)