Missing checks for valid, writable firmware entry in fw_cfg_write
Bug #786211 reported by Nelson Elhage
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
QEMU | Fix Released | Undecided | Unassigned |
Bug Description
The `fw_cfg_write` function in the firmware emulation is missing checks to ensure that the firmware entry being written is (a) a valid index, and (b) writable. This can lead to a segmentation fault and potentially, in the case of writing to FW_CFG_INVALID, memory corruption, although the attacker has fairly limited control over whether and what corruption is possible.
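As an added illustration, constructed for this page and not QEMU's own fw_cfg.c, here is a model of a fw_cfg-style byte write that performs the two checks the description says were missing: the selector index is validated before the entry table is dereferenced, and the entry must be registered as writable before a byte is stored. The constants, struct layout and table size are assumptions of this model, not values taken from the bug.

```c
/* Constructed model of a fw_cfg-style write path (not QEMU's code). */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

#define FW_CFG_WRITE_CHANNEL 0x4000   /* selector bit: guest requests a write */
#define FW_CFG_ENTRY_MASK    0x3fff   /* selector bits that form the index */
#define FW_CFG_INVALID       0xffff   /* "no entry selected" (named in the bug) */
#define FW_CFG_MAX_ENTRY     0x20     /* assumed table size for this model */

typedef void (*fw_cfg_cb)(void *opaque, uint8_t *data);

typedef struct {
    uint8_t   *data;
    uint32_t   len;
    bool       writable;   /* set only for entries registered for writing */
    fw_cfg_cb  callback;   /* may be NULL */
    void      *opaque;
} FWCfgEntry;

typedef struct {
    FWCfgEntry entries[FW_CFG_MAX_ENTRY];
    uint16_t   cur_entry;  /* selector chosen by the guest */
    uint32_t   cur_offset; /* position within the selected entry */
} FWCfgState;

/* Returns true if the byte was stored, false if the write was rejected. */
bool fw_cfg_write_checked(FWCfgState *s, uint8_t value)
{
    uint16_t idx = s->cur_entry & FW_CFG_ENTRY_MASK;
    FWCfgEntry *e;

    /* (a) valid index: reject FW_CFG_INVALID and anything past the table
     *     before the entry is ever dereferenced. */
    if (s->cur_entry == FW_CFG_INVALID || idx >= FW_CFG_MAX_ENTRY)
        return false;
    e = &s->entries[idx];
    /* (b) writable: the selector must request the write channel and the
     *     entry must be registered writable with a real buffer behind it. */
    if (!(s->cur_entry & FW_CFG_WRITE_CHANNEL) || !e->writable || !e->data)
        return false;
    if (s->cur_offset >= e->len)
        return false;               /* buffer full: drop rather than overrun */

    e->data[s->cur_offset++] = value;
    if (s->cur_offset == e->len) {  /* buffer complete: notify, then rewind */
        if (e->callback)            /* a NULL callback must not be called */
            e->callback(e->opaque, e->data);
        s->cur_offset = 0;
    }
    return true;
}
```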
fw_cfg_write() support has been removed since QEMU 2.4, so I think we can treat this as fixed now: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=023e3148567ac898c725813