Vigil@nce - QEMU-KVM: denial of service via QXL graphic driver
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker inside a KVM guest system can use the QXL graphic
driver in order to generate a denial of service or to execute code.
Severity: 2/4
Creation date: 20/08/2010
DESCRIPTION OF THE VULNERABILITY
The graphic driver QXL handles graphics in a guest KVM system.
Data are transfered between QXL driver and host system in order to
display guest system screen. However, host system does not
validate all pointers passed by the guest. It can therefore
dereference an invalid pointer.
An attacker inside a KVM guest system can use the QXL graphic
driver in order to generate a denial of service or to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/QEMU-KVM-denial-of-service-via-QXL-graphic-driver-9862