Hello Gerd, Laszlo,
Thank you so much for the detailed analysis and explanations, appreciate it.
On Thu, 28 Aug 2014 07:57:17 GMT, kra...@redhat.com wrote:
> How to go forward with this? Ok to post the patches for review in
> public (aka qemu-devel)? Or do we have a CVE with embargo?
Please use

Hello Gerd,
On Thu, 28 Aug 2014 07:57:17 GMT, kra...@redhat.com wrote:
> In case the memory area happens to hit unmapped pages qemu segfaults.
> => DoS
>
> The guest can't modify host memory though, so I don't think this can be
> used by the guest to compromise the host.
I was finally able to re

Hi,
> There is a gap in the sequence above wherein it's not clear which function is
> invoked by - watch_func(...), which in turn calls
> dispatcher_handle_recv_read().
(gdb) thread apply all bt
Thread 2 (Thread 0x7fa703fff700 (LWP 25303)):
This is the spice worker thread, reading messages /