609202 – (CVE-2017-2620) [TRACKER] qemu: display: cirrus_bitblt_cputovideo does not check if memory region is safe

Bug 609202 (CVE-2017-2620) - [TRACKER] qemu: display: cirrus_bitblt_cputovideo does not check if memory region is safe

Summary: [TRACKER] qemu: display: cirrus_bitblt_cputovideo does not check if memory re...

Status:	RESOLVED FIXED

Alias:	CVE-2017-2620

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:	Tracker

Depends on:	XSA-209 609206
Blocks:
	Show dependency tree

Reported:	2017-02-13 02:26 UTC by Thomas Deutschmann (RETIRED)
Modified:	2017-07-15 22:58 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2017-02-13 02:26:44 UTC

ISSUE DESCRIPTION
=================

In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
cirrus_bitblt_cputovideo fails to check wethehr the specified memory
region is safe.

IMPACT
======

A malicious guest administrator can cause an out of bounds memory
write, very likely exploitable as a privilege escalation.