Red Hat Bugzilla – Bug 447759
CVE-2008-1952 qemu/xen/kvm: ioemu: Fix PVFB backend to limit frame buffer size
Last modified: 2009-09-11 05:01:20 EDT
Description of problem:
The recent fix to validate the frontend's frame buffer description
neglected to limit the frame buffer size correctly. This lets a
malicious frontend make the backend attempt to map an arbitrary amount
of guest memory, which could be useful for a denial of service attack
Proposed upstream patch:
This fix is a sophisticated solution (another catch) for CVE-2008-1943.
This is fixed in all the relevant streams, so closing this tracker as CURRENTRELEASE.