2 matches found
qemu: local DoS with SCSI CD-ROM
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service guest crash via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has...
xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow
Multiple heap-based buffer overflows in the cirrusinvalidateregion function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty...