2018-07-27 21:00:00
redhat
PUBLISHED
A heap buffer overflow flaw was found in QEMUs Cirrus CLGD 54xx VGA emulators VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.