FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- oob access in cirrus bitblt copy

Affected packages
xen-tools < 4.7.1_2

Details

VuXML ID a73aba9a-effe-11e6-ae1b-002590263bf5
Discovery 2017-02-10
Entry 2017-02-11

The Xen Project reports:

When doing bitblt copy backwards, qemu should negate the blit width. This avoids an oob access before the start of video memory.

A malicious guest administrator can cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation.
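The bounds check implied by the report above, as an added example that is not QEMU's or the Xen Project's code: it models a blit in which a negative pitch marks a backward copy, and compares a check that adds the width to the start address in both directions with one that negates it for backward copies. The `struct blit` layout, the function names, the convention that `addr` is the highest byte of the first row in a backward copy, and the 4096-byte video memory size are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified blit descriptor; not QEMU's own structure. */
struct blit {
    int64_t addr;   /* offset of the first byte the copy touches */
    int32_t pitch;  /* bytes between rows; negative means a backward copy */
    int32_t width;  /* bytes per row */
    int32_t height; /* number of rows */
};

/* Flawed model: a backward row is measured upward from addr (+width). */
bool blit_ok_flawed(const struct blit *b, int64_t vram_size)
{
    if (b->pitch == 0 || b->width <= 0 || b->height <= 0)
        return false;
    int64_t last_row = b->addr + (int64_t)(b->height - 1) * b->pitch;
    int64_t lo = b->pitch < 0 ? last_row : b->addr;
    int64_t hi = (b->pitch < 0 ? b->addr : last_row) + b->width - 1;
    return lo >= 0 && hi < vram_size;
}

/* Corrected model: a backward row runs downward from addr, so the width is
 * negated and the lowest byte is last_row - (width - 1). */
bool blit_ok_fixed(const struct blit *b, int64_t vram_size)
{
    if (b->pitch == 0 || b->width <= 0 || b->height <= 0)
        return false;
    int64_t last_row = b->addr + (int64_t)(b->height - 1) * b->pitch;
    int64_t lo, hi;
    if (b->pitch < 0) {            /* backward: addr is the highest byte */
        lo = last_row - (b->width - 1);
        hi = b->addr;
    } else {                       /* forward: addr is the lowest byte */
        lo = b->addr;
        hi = last_row + b->width - 1;
    }
    return lo >= 0 && hi < vram_size;
}

int main(void)
{
    /* Constructed sample: one 32-byte row copied backwards from offset 10. */
    struct blit b = { 10, -64, 32, 1 };
    printf("flawed=%d fixed=%d\n", blit_ok_flawed(&b, 4096), blit_ok_fixed(&b, 4096));
    return 0;
}
```

The flawed check accepts the constructed descriptor even though its row would begin 21 bytes before offset 0; the corrected check rejects it.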

References

CVE Name CVE-2017-2615
URL http://xenbits.xen.org/xsa/advisory-208.html