xemu-project/xemu
1
0
Fork 0
mirror of https://github.com/xemu-project/xemu.git synced 2024-12-13 14:36:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3e831b40e0
xemu/hw
History
Prasad J Pandit 3e831b40e0 scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952) 
Vmware Paravirtual SCSI emulation uses command descriptors to
process SCSI commands. These descriptors come with their ring
buffers. A guest could set the ring buffer size to an arbitrary
value leading to OOB access issue. Add check to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Cc: qemu-stable@nongnu.org
Message-Id: <1464000485-27041-1-git-send-email-ppandit@redhat.com>
Reviewed-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-29 09:11:10 +02:00
..
9pfs
acpi
alpha
arm machine: add properties to compat_props incrementaly 2016-05-20 14:28:54 -03:00
audio
block dma-helpers: change interface to byte-based 2016-05-25 19:04:11 +02:00
bt
char hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
core qdev: Start disentangling bus from device 2016-05-26 14:06:41 +01:00
cpu
cris hw/char: QOM'ify etraxfs_ser.c 2016-05-29 09:11:10 +02:00
display vga: add sr_vbe register set 2016-05-23 14:28:25 +02:00
dma
gpio hw: clean up hw/hw.h includes 2016-05-19 16:42:30 +02:00
i2c
i386 pc: Set CPU model-id on compat_props for pc <= 2.4 2016-05-23 13:19:36 -03:00
ide dma-helpers: change BlockBackend to opaque value in DMAIOFunc 2016-05-25 19:04:11 +02:00
input
intc ioapic: clear remote irr bit for edge-triggered interrupts 2016-05-23 16:53:43 +02:00
ipack
ipmi
isa
lm32 hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
m68k
mem
microblaze
mips
misc
moxie
net hw/net/spapr_llan: Provide counter with dropped rx frames to the guest 2016-05-27 09:40:23 +10:00
nvram vl: Replace DT_NOGRAPHIC with machine option 2016-05-20 14:28:54 -03:00
openrisc
pci
pci-bridge
pci-host
pcmcia
ppc spapr_iommu: Move table allocation to helpers 2016-05-27 09:40:23 +10:00
s390x s390: use FILE instead of QEMUFile for creating text file 2016-05-26 11:31:05 +05:30
scsi scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952) 2016-05-29 09:11:10 +02:00
sd
sh4
smbios
sparc vl: Replace DT_NOGRAPHIC with machine option 2016-05-20 14:28:54 -03:00
sparc64
ssi
timer aspeed: include qemu/log.h 2016-05-20 13:09:22 +01:00
tpm
tricore
unicore32
usb usb/ohci: Fix crash with when specifying too many num-ports 2016-05-23 14:59:40 +02:00
vfio vfio: Check that IOMMU MR translates to system address space 2016-05-26 11:12:09 -06:00
virtio
watchdog nmi: remove x86 specific nmi handling 2016-05-23 16:53:46 +02:00
xen xen: write information about supported backends 2016-05-23 13:30:03 +02:00
xenpv xen: add pvUSB backend 2016-05-23 13:30:03 +02:00
xtensa
Makefile.objs