CVSROOT: /cvs Module name: src Changes by: [email protected] 2026/05/28 11:14:38
Modified files:
usr.sbin/vmd : virtio.c
Log message:
A privileged guest can program an out-of-layout Virtio 1.x `queue_avail`
address for the `vioscsi` device and then notify the queue. The host-side
`vioscsi` device process dereferences a pointer derived from the unchecked
offset and terminates with `SIGSEGV`.
from Quarkslab
ok hshoexer, mlarkin
