Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:Update
xen.14030
CVE-2019-12155-qemuu-null-pointer-dereference-w...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-12155-qemuu-null-pointer-dereference-while-releasing-spice-resources.patch of Package xen.14030
References: bsc#1135905 qxl: check release info object When releasing spice resources in release_resource() routine, if release info object 'ext.info' is null, it leads to null pointer dereference. Add check to avoid it. Reported-by: Bugs SysSec <bugs-syssec@rub.de> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 20190425063534.32747-1-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Index: xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/display/qxl.c =================================================================== --- xen-4.5.5-testing.orig/tools/qemu-xen-dir-remote/hw/display/qxl.c +++ xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/display/qxl.c @@ -708,6 +708,9 @@ static void interface_release_resource(Q QXLReleaseRing *ring; uint64_t *item, id; + if (!ext.info) { + return; + } if (ext.group_id == MEMSLOT_GROUP_HOST) { /* host group -> vga mode update request */ qemu_spice_destroy_update(&qxl->ssd, (void *)(intptr_t)ext.info->id);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor