Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
QEMU 缓冲区错误漏洞
Vulnerability Description
QEMU(Quick Emulator)是法国法布里斯-贝拉(Fabrice Bellard)个人开发者的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU存在安全漏洞,该漏洞源于qxl_phys2virt() 函数不检查客户物理地址所指向的结构的大小,可能会读取超过条空间末尾的相邻页面,攻击者利用该漏洞可以使主机上的 QEMU 进程崩溃,从而导致拒绝服务情况。
CVSS Information
N/A
Vulnerability Type
N/A