FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- oob access in cirrus bitblt copy

Affected packages
xen-tools < 4.7.1_2

Details

VuXML ID a73aba9a-effe-11e6-ae1b-002590263bf5
Discovery 2017-02-10
Entry 2017-02-11

The Xen Project reports:

When doing bitblt copy backwards, qemu should negate the blit width. This avoids an oob access before the start of video memory.

A malicious guest administrator can cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation.

[source]

References

CVE Name CVE-2017-2615
URL http://xenbits.xen.org/xsa/advisory-208.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.