semantic: 0.460
graphic: 0.237
other: 0.072
device: 0.044
socket: 0.041
vnc: 0.031
debug: 0.021
network: 0.018
permissions: 0.017
boot: 0.017
files: 0.015
performance: 0.013
PID: 0.011
KVM: 0.004
debug: 0.344
files: 0.133
other: 0.131
device: 0.074
PID: 0.053
performance: 0.049
permissions: 0.046
semantic: 0.042
network: 0.036
KVM: 0.025
boot: 0.020
socket: 0.018
graphic: 0.015
vnc: 0.014

Missing checks for valid, writable, firmware in fw_cfg_write

The `fw_cfg_write` function in the firmware emulation is missing checks to ensure that the firmware being written is (a) a valid index, and (b) writable. This can lead to a segmentation fault and potentially (in the case of writing to FW_CFG_INVALID), memory corruption, although the attacker has fairly limited control over whether and what corruption is possible.



fw_cfg_write() support has been removed since QEMU 2.4, so I think we can treat this as fixed now: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=023e3148567ac898c725813