Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

qemu: security patch hw/display/qxl.c, CVE-2019-12155 #1862

Closed
5 tasks done
KexyBiscuit opened this issue May 31, 2019 · 1 comment
Closed
5 tasks done

qemu: security patch hw/display/qxl.c, CVE-2019-12155 #1862

KexyBiscuit opened this issue May 31, 2019 · 1 comment
Assignees
Labels
security Topic/issue involves a security issue/fixed

Comments

@KexyBiscuit
Copy link
Member

KexyBiscuit commented May 31, 2019

CVE IDs: CVE-2019-12155

Other security advisory IDs: DSA-4454-1

Descriptions: When releasing spice resources in release_resource() routine, if release info object 'ext.info' is null, it leads to null pointer dereference. Add check to avoid it.

Patches: [Qemu-devel] [PULL 1/8] qxl: check release info object

Architectural progress:

  • AMD64 amd64
  • AArch64 arm64
  • ARMv7 armel
  • PowerPC 64-bit BE ppc64
  • PowerPC 32-bit BE powerpc
@KexyBiscuit KexyBiscuit self-assigned this May 31, 2019
@KexyBiscuit KexyBiscuit added security Topic/issue involves a security issue/fixed to-stable labels May 31, 2019
@KexyBiscuit KexyBiscuit added this to the Winter 2018 milestone May 31, 2019
KexyBiscuit added a commit that referenced this issue Jun 8, 2019
KexyBiscuit added a commit that referenced this issue Jun 8, 2019
@KexyBiscuit
Copy link
Member Author

Assign AOSA-2019-0099.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security Topic/issue involves a security issue/fixed
Projects
None yet
Development

No branches or pull requests

1 participant