fw_cfg_write() support has been removed since QEMU 2.4, so I think we
can treat this as fixed now:
** Changed in: qemu
Status: New => Fix Released
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
Missing checks for valid, writable firmware in fw_cfg_write
Status in QEMU:
The `fw_cfg_write` function in the firmware emulation is missing
checks to ensure that the firmware being written is (a) a valid index,
and (b) writable. This can lead to a segmentation fault and
potentially (in the case of writing to FW_CFG_INVALID), memory
corruption, although the attacker has fairly limited control over
whether and what corruption is possible.
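As an added illustration (not code from the bug report, and not QEMU's fw_cfg implementation): a constructed model of a selector/data write path that puts the unchecked shape the report describes, an index taken straight from the guest with neither a range nor a writability check, beside a version that validates the selector first. The table size, the per-entry `writable` flag, the callback signature and every `model_` name are assumptions made for this example; the 0xffff sentinel is kept only as a model constant.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a fw_cfg-style selector/data interface; not QEMU's
 * code. Table size, sentinel and entry layout are assumptions for the example. */
#define MODEL_FW_CFG_INVALID   0xffffu  /* "nothing selected" sentinel */
#define MODEL_FW_CFG_MAX_ENTRY 4u       /* assumed size of the entry table */

typedef struct ModelFwCfgEntry {
    uint32_t len;
    uint8_t *data;
    int writable;                                /* 0: guest may only read it */
    void (*callback)(struct ModelFwCfgEntry *e); /* runs when a write completes */
} ModelFwCfgEntry;

typedef struct {
    ModelFwCfgEntry entries[MODEL_FW_CFG_MAX_ENTRY];
    uint16_t cur_entry;   /* selector chosen by the guest */
    uint32_t cur_offset;  /* byte offset into the selected entry */
} ModelFwCfgState;

/* The unchecked shape the report describes: the guest-controlled selector is
 * used directly as an index and writability is never consulted. Any selector
 * >= MODEL_FW_CFG_MAX_ENTRY (including the 0xffff sentinel) makes `e` point
 * past the table, so the dereference can crash or corrupt memory. Shown for
 * contrast; only ever called here with an in-range, writable selector. */
static void model_fw_cfg_write_unchecked(ModelFwCfgState *s, uint8_t value)
{
    ModelFwCfgEntry *e = &s->entries[s->cur_entry];   /* (a) no index check */
    if (s->cur_offset < e->len) {                     /* (b) no writable check */
        e->data[s->cur_offset++] = value;
        if (s->cur_offset == e->len && e->callback) {
            e->callback(e);
        }
    }
}

/* Hardened write: validate the selector before the table is touched.
 * Returns 1 when the byte was stored, 0 when the write was dropped. */
static int model_fw_cfg_write_checked(ModelFwCfgState *s, uint8_t value)
{
    if (s->cur_entry == MODEL_FW_CFG_INVALID ||
        s->cur_entry >= MODEL_FW_CFG_MAX_ENTRY) {
        return 0;                                 /* (a) not a valid index */
    }
    ModelFwCfgEntry *e = &s->entries[s->cur_entry];
    if (!e->writable || e->data == NULL) {
        return 0;                                 /* (b) not a writable entry */
    }
    if (s->cur_offset >= e->len) {
        return 0;                                 /* entry already full */
    }
    e->data[s->cur_offset++] = value;
    if (s->cur_offset == e->len && e->callback) {
        e->callback(e);
    }
    return 1;
}

/* Would the unchecked path index outside the table for this selector?
 * Lets the hazard be checked without performing the out-of-bounds access. */
static int model_fw_cfg_selector_out_of_range(uint16_t selector)
{
    return selector >= MODEL_FW_CFG_MAX_ENTRY;
}

static int g_callback_runs;  /* constructed: counts completed writes */
static void model_note_completion(ModelFwCfgEntry *e) { (void)e; g_callback_runs++; }

/* Constructed scenario: entry 0 is read-only, entry 1 is writable with a
 * completion callback. Pushes a 4-byte payload at `selector` through the
 * checked path and returns how many bytes were accepted. */
static uint32_t model_demo_accepted(uint16_t selector)
{
    static uint8_t ro_blob[4] = { 'r', 'o', '!', 0 };
    static uint8_t rw_blob[4];
    const uint8_t payload[4] = { 'd', 'a', 't', 'a' };
    ModelFwCfgState s;
    uint32_t accepted = 0;

    memset(&s, 0, sizeof(s));
    s.entries[0] = (ModelFwCfgEntry){ sizeof ro_blob, ro_blob, 0, NULL };
    s.entries[1] = (ModelFwCfgEntry){ sizeof rw_blob, rw_blob, 1, model_note_completion };
    g_callback_runs = 0;
    s.cur_entry = selector;
    s.cur_offset = 0;
    for (uint32_t i = 0; i < sizeof payload; i++) {
        accepted += (uint32_t)model_fw_cfg_write_checked(&s, payload[i]);
    }
    if (!model_fw_cfg_selector_out_of_range(selector) && s.entries[selector].writable) {
        s.cur_offset = 0;                         /* safe: in range and writable */
        model_fw_cfg_write_unchecked(&s, payload[0]);
    }
    return accepted;
}

int main(void)
{
    printf("entry 1 (writable):  %u bytes accepted\n", model_demo_accepted(1));
    printf("entry 0 (read-only): %u bytes accepted\n", model_demo_accepted(0));
    printf("selector 0xffff:     %u bytes accepted, unchecked path out of range: %d\n",
           model_demo_accepted(MODEL_FW_CFG_INVALID),
           model_fw_cfg_selector_out_of_range(MODEL_FW_CFG_INVALID));
    return 0;
}
```

The point of the checked version is ordering: the sentinel and range tests run before `&s->entries[...]` is formed, and the writable test runs before `e->data` is dereferenced, so a hostile selector never reaches a pointer computed from it. The same ordering applies whatever the real table size or flag encoding is.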