CVSROOT: /cvs Module name: src Changes by: [email protected] 2026/05/28 11:13:17
Modified files:
usr.sbin/vmd : vioscsi.c
Log message:
A privileged guest can notify an invalid virtio-scsi queue index. The
host-side `vioscsi` device process uses the guest-controlled value as an array
index without a bounds check, interprets adjacent process memory as virtqueue
metadata, and terminates with `SIGSEGV`.
from Quarkslab
ok hshoexer, mlarkin
