Security vulnerabilities and automated fixes for dma issues
1 post found
A medium-severity vulnerability in `src/ddma.c` allowed a malicious guest OS to program DMA controllers with unconstrained transfer sizes and addresses, potentially enabling guest-to-host memory access in an emulated environment. The fix introduces strict bounds validation to ensure all DMA transfers stay within allocated memory regions, closing a dangerous path to host memory disclosure and corruption.