CVE-2018-2843

Bug: offLocation provided by guest is not validated in hgsmiChannelHandler (HGSMIHost.cpp)

HGSMI_CC_HOST_FLAGS_LOCATION is used by the guest to tell the host the location of the HGSMIHOSTFLAGS structure in the VRAM buffer. However, pLoc->offLocation, which is used for calculating the address pHGFlags in the VRAM buffer, is not validated. This results in memory corruption.

static DECLC
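
The kind of check the description above says is missing, as an added example that is not VirtualBox code: a guest-supplied offset is accepted only if the whole structure fits inside the VRAM buffer. The type names, the structure layout, the alignment rule and the 4 KiB sample buffer are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the host flags structure (not VirtualBox's layout). */
typedef struct { uint32_t host_flags; uint32_t reserved[3]; } host_flags_t;

/* Hypothetical model of the host's view of the guest VRAM buffer. */
typedef struct {
    uint8_t *base;  /* host address where VRAM starts */
    uint32_t size;  /* VRAM size in bytes */
} vram_area_t;

/* Constructed sample: 4 KiB of zeroed memory standing in for VRAM. */
static uint32_t sample_words[1024];
static const vram_area_t sample_area = { (uint8_t *)sample_words, sizeof sample_words };

/*
 * Turn a guest-supplied offset into a pointer inside VRAM.
 * Returns NULL unless the whole structure fits inside the area.
 */
host_flags_t *resolve_flags_location(const vram_area_t *area, uint32_t off)
{
    if (area == NULL || area->base == NULL || area->size < sizeof(host_flags_t))
        return NULL;
    /* Compare against size - sizeof(...) so that off + sizeof(...) cannot wrap. */
    if (off > area->size - sizeof(host_flags_t))
        return NULL;
    /* Extra check assumed by this example: keep the structure 4-byte aligned. */
    if (off % sizeof(uint32_t) != 0)
        return NULL;
    return (host_flags_t *)(area->base + off);
}

int main(void)
{
    /* Constructed offsets: in range, last valid slot, past the end, near UINT32_MAX. */
    const uint32_t offsets[] = { 0, 4080, 4081, 4084, 4096, 0xFFFFFFF0u };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++)
        printf("offset 0x%08x -> %s\n", (unsigned)offsets[i],
               resolve_flags_location(&sample_area, offsets[i]) ? "accepted" : "rejected");
    return 0;
}
```

A handler using such a helper would reject the guest command when it returns NULL instead of writing through the computed pointer.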