ISSUE DESCRIPTION ================= In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo fails to check wethehr the specified memory region is safe. IMPACT ====== A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation.