oss-sec mailing list archives
CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources
From: P J P <ppandit () redhat com>
Date: Wed, 22 May 2019 12:38:24 +0530 (IST)
Hello,A null pointer dereference issue was found the QXL VGA card emulator of QEMU. It could occur while releasing resources allocated for a SPICE server thread in interface_release_resources().
A guest user could use this flaw to crash the QEMU process resulting in DoS scenario.
Upstream patch: --------------- -> https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99This issue was reported by Sergej Schumilo, Cornelius Aschermann and Simon Wrner of Ruhr University Bochum.
Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Current thread:
- CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources P J P (May 22)