FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe

Affected packages
xen-tools < 4.7.1_4

Details

VuXML ID 8cbd9c08-f8b9-11e6-ae1b-002590263bf5
Discovery 2017-02-21
Entry 2017-02-22

The Xen Project reports:

In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo fails to check wethehr the specified memory region is safe. A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation.

References

CVE Name CVE-2017-2620
URL http://xenbits.xen.org/xsa/advisory-209.html