blob: 7b245d9cc38a4754dae063415d84fe4faa9866e8 (
plain) (
blame)
1
2
3
4
5
6
7
8
|
Missing checks for valid, writable, firmware in fw_cfg_write
The `fw_cfg_write` function in the firmware emulation is missing checks to ensure that the firmware being written is (a) a valid index, and (b) writable. This can lead to a segmentation fault and potentially (in the case of writing to FW_CFG_INVALID), memory corruption, although the attacker has fairly limited control over whether and what corruption is possible.
fw_cfg_write() support has been removed since QEMU 2.4, so I think we can treat this as fixed now: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=023e3148567ac898c725813
|