xemu/hw/net
Prasad J Pandit d05dcd94ae net: vmxnet3: validate configuration values during activate (CVE-2021-20203)
While activating device in vmxnet3_acticate_device(), it does not
validate guest supplied configuration values against predefined
minimum - maximum limits. This may lead to integer overflow or
OOB access issues. Add checks to avoid it.

Fixes: CVE-2021-20203
Buglink: https://bugs.launchpad.net/qemu/+bug/1913873
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-11-19 11:43:47 +08:00
..
can hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes 2021-08-02 12:19:18 +08:00
fsl_etsec hw/net: fsl_etsec: Tx padding length should exclude CRC 2021-03-31 11:10:50 +11:00
rocker net/rocker: use GDateTime for formatting timestamp in debug messages 2021-07-14 14:15:52 +01:00
allwinner_emac.c hw/net: Make NetCanReceive() return a boolean 2020-03-31 21:14:35 +08:00
allwinner-sun8i-emac.c hw/net/allwinner-sun8i-emac: traverse transmit queue using TX_CUR_DESC register value 2021-03-12 12:40:10 +00:00
cadence_gem.c cadence_gem: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
dp8393x.c dp8393x: don't force 32-bit register access 2021-07-11 22:29:54 +02:00
e1000_regs.h e1000: Rename the SEC symbol to SEQEC 2017-09-08 08:17:37 +08:00
e1000.c e1000: fix tx re-entrancy problem 2021-11-05 11:31:42 +08:00
e1000e_core.c hw/net: e1000e: Don't zero out the VLAN tag in the legacy RX descriptor 2021-08-02 12:19:18 +08:00
e1000e_core.h e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
e1000e.c hw/net: e1000e: Correct the initial value of VET register 2021-08-02 12:19:18 +08:00
e1000x_common.c e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
e1000x_common.h e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
eepro100.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
etraxfs_eth.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ftgmac100.c net: checksum: Introduce fine control over checksum type 2021-01-25 17:04:56 +08:00
i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
i82596.h hw/net: Make NetCanReceive() return a boolean 2020-03-31 21:14:35 +08:00
imx_fec.c hw/net/imx_fec: return 0xffff when accessing non-existing PHY 2021-05-27 11:03:07 +08:00
Kconfig hw/net/can: Correct Kconfig dependencies 2020-09-30 19:11:37 +02:00
lan9118.c lan9118: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
lance.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
lasi_i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
mcf_fec.c mcf_fec: Move mcf_fec_state typedef to header 2020-08-27 14:04:54 -04:00
meson.build Drop the deprecated lm32 target 2021-05-12 18:20:25 +02:00
mipsnet.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
msf2-emac.c Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
ne2000-isa.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ne2000-pci.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
ne2000.c Clean up inclusion of sysemu/sysemu.h 2019-08-16 13:31:53 +02:00
ne2000.h Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
net_rx_pkt.c NetRxPkt: fix hash calculation of IPV6 TCP 2020-03-03 18:04:47 +08:00
net_rx_pkt.h NetRxPkt: Introduce support for additional hash types 2020-03-03 18:04:47 +08:00
net_tx_pkt.c hw/net/net_tx_pkt: Fix crash detected by fuzzer 2021-07-19 09:33:39 +02:00
net_tx_pkt.h hw/net: Added plen fix for IPv6 2020-07-21 21:30:39 +08:00
npcm7xx_emc.c net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set 2021-03-30 14:05:33 +01:00
opencores_eth.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
pcnet-pci.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
pcnet.c pcnet: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
pcnet.h lance: replace PROP_PTR with PROP_LINK 2020-01-07 17:24:29 +04:00
rtl8139.c rtl8139: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
smc91c111.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
spapr_llan.c Do not include cpu.h if it's not really necessary 2021-05-02 17:24:51 +02:00
stellaris_enet.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
sungem.c sungem: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
sunhme.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
trace-events dp8393x: convert to trace-events 2021-07-02 17:35:08 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
tulip.c tulip: Move TulipState typedef to header 2020-08-27 14:04:54 -04:00
tulip.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
vhost_net-stub.c vhost-net: control virtqueue support 2021-10-20 04:44:05 -04:00
vhost_net.c vhost: Fix last vq queue index of devices with no cvq 2021-11-11 03:13:05 -05:00
virtio-net.c virtio-net: vhost control virtqueue support 2021-10-20 04:44:05 -04:00
vmware_utils.h hw/net/vmxnet3: Fix code to work on big endian hosts, too 2017-11-20 11:08:00 +08:00
vmxnet3_defs.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
vmxnet3.c net: vmxnet3: validate configuration values during activate (CVE-2021-20203) 2021-11-19 11:43:47 +08:00
vmxnet3.h hw/net/vmxnet3: Fix code to work on big endian hosts, too 2017-11-20 11:08:00 +08:00
vmxnet_debug.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
xen_nic.c Revert "net: Move NetClientState.info_str to dynamic allocations" 2021-04-08 17:33:59 +08:00
xgmac.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
xilinx_axienet.c hw/net/xilinx_axienet: Rename StreamSlave as StreamSink 2020-12-10 12:15:04 -05:00
xilinx_ethlite.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00