mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw/display
History
Gerd Hoffmann 92f2b88cea cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620) 
CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
and blit width, at all.  Oops.  Fix it.

Security impact: high.

The missing blit destination check allows to write to host memory.
Basically same as CVE-2014-8106 for the other blit variants.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-24 14:35:50 +01:00
..
ads7846.c
bcm2835_fb.c
blizzard.c
cg3.c
cirrus_vga_rop2.h
cirrus_vga_rop.h
cirrus_vga.c
cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)
2017-02-24 14:35:50 +01:00
dpcd.c
exynos4210_fimd.c
framebuffer.c
hw/display/framebuffer.c: Avoid overflow for framebuffers > 4GB
2017-01-24 23:26:53 +03:00
framebuffer.h
g364fb.c
migration: consolidate VMStateField.start
2017-02-13 17:27:13 +00:00
jazz_led.c
Makefile.objs
milkymist-tmu2.c
char: rename CharDriverState Chardev
2017-01-27 18:07:59 +01:00
milkymist-vgafb_template.h
milkymist-vgafb.c
omap_dss.c
omap_lcd_template.h
omap_lcdc.c
pl110_template.h
pl110.c
pxa2xx_lcd.c
pxa2xx_template.h
qxl-logger.c
qxl-render.c
qxl.c
qxl: switch to constants within BUILD_BUG_ON
2017-01-31 15:57:27 +02:00
qxl.h
sm501_template.h
sm501.c
char: rename CharDriverState Chardev
2017-01-27 18:07:59 +01:00
ssd0303.c
i2c: Allow I2C devices to NAK start events
2017-01-09 11:40:20 +00:00
ssd0323.c
tc6393xb_template.h
tc6393xb.c
tcx.c
trace-events
cirrus: replace debug printf with trace points
2017-02-10 16:49:45 +01:00
vga_int.h
vga-helpers.h
vga-isa-mm.c
vga-isa.c
vga-pci.c
vga.c
vga: replace debug printf with trace points
2017-02-10 16:49:45 +01:00
vga.h
virtio-gpu-3d.c
virtio-gpu: fix resource leak in virgl_cmd_resource_unref
2017-02-10 16:49:45 +01:00
virtio-gpu-pci.c
virtio-gpu.c
virtio-gpu: fix memory leak in set scanout
2017-02-10 16:49:45 +01:00
virtio-vga.c
vmware_vga.c
xenfb.c
xen: Rename xen_be_find_xendev
2016-10-28 17:54:39 -07:00
xlnx_dp.c
hw: Fix typos found by codespell
2017-01-24 23:26:52 +03:00