xemu/hw
Prasad J Pandit ed4f86e8b6 multiboot: validate multiboot header address values
While loading a kernel via a multiboot-v1 image, (flags & 0x00010000)
indicates that the multiboot header contains valid addresses to load
the kernel image. These addresses are used to compute the kernel
size and kernel text offset in the OS image. Validate these
address values to avoid an OOB access issue.

This is CVE-2017-14167.

Reported-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170907063256.7418-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-09-19 14:09:33 +02:00
9pfs 9pfs: local: clarify fchmodat_nofollow() implementation 2017-09-05 17:56:58 +02:00
acpi vmgenid: replace x-write-pointer-available hack 2017-09-08 16:15:17 +03:00
adc
alpha alpha: replace cpu_alpha_init() with cpu_generic_init() 2017-09-01 11:54:24 -03:00
arm mps2-an511: Fix wiring of UART overflow interrupt lines 2017-09-14 18:43:19 +01:00
audio audio: intel-hda: do not use old_mmio accesses 2017-09-18 13:13:32 +02:00
block scsi: move block/scsi.h to include/scsi/constants.h 2017-09-19 14:09:31 +02:00
bt bt: stop the sdp memory allocation craziness 2017-08-01 17:27:33 +02:00
char qapi: Mechanically convert FOO_lookup[...] to FOO_str(...) 2017-09-04 13:09:13 +02:00
core fw_cfg: rename read callback 2017-09-08 16:15:17 +03:00
cpu cpu: don't allow negative core id 2017-08-02 18:30:13 -03:00
cris cris: replace cpu_cris_init() with cpu_generic_init() 2017-09-01 11:54:24 -03:00
display virtio-gpu: don't clear QemuUIInfo information on reset 2017-09-13 09:39:32 +02:00
dma xilinx_axidma: Convert to DEFINE_PROP_LINK 2017-09-07 13:54:51 +01:00
gpio qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable 2017-05-17 10:37:00 -03:00
i2c ppc4xx_i2c: Move to hw/i2c 2017-09-08 09:30:55 +10:00
i386 multiboot: validate multiboot header address values 2017-09-19 14:09:33 +02:00
ide hw/ide: Convert DeviceClass init to realize 2017-09-18 19:43:38 -04:00
input qapi: Mechanically convert FOO_lookup[...] to FOO_str(...) 2017-09-04 13:09:13 +02:00
intc ppc patch queue 2017-09-15 2017-09-15 19:00:16 +01:00
ipack
ipmi qom: enforce readonly nature of link's check callback 2017-07-14 12:04:42 +02:00
isa trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
lm32 lm32: replace cpu_lm32_init() with cpu_generic_init() 2017-09-01 11:54:25 -03:00
m68k m68k: replace cpu_m68k_init() with cpu_generic_init() 2017-09-01 11:54:24 -03:00
mem qmp: introduce query-memory-size-summary command 2017-09-14 15:52:10 +01:00
microblaze hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
mips mips: Add KVM T&E segment support for TCG 2017-08-02 22:18:06 +01:00
misc mmio-interface: Mark as not user creatable 2017-08-15 17:42:02 +01:00
moxie moxie: replace cpu_moxie_init() with cpu_generic_init() 2017-09-01 11:54:25 -03:00
net net: Add SunGEM device emulation as found on Apple UniNorth 2017-09-15 10:29:48 +10:00
nios2 nios2: replace cpu_nios2_init() with cpu_generic_init() 2017-09-01 11:54:24 -03:00
nvram pc, pci, virtio: patches queued before 2.10 2017-09-08 16:04:42 +01:00
openrisc openrisc: replace cpu_openrisc_init() with cpu_generic_init() 2017-09-01 11:54:25 -03:00
pci net: Add SunGEM device emulation as found on Apple UniNorth 2017-09-15 10:29:48 +10:00
pci-bridge hw/pci: add QEMU-specific PCI capability to the Generic PCI Express Root Port 2017-09-08 16:15:17 +03:00
pci-host hw/pci-host/gpex: Implement PCI INTx routing 2017-09-14 18:43:19 +01:00
pcmcia
ppc spapr_events: use QTAILQ_FOREACH_SAFE() in spapr_clear_pending_events() 2017-09-15 10:29:48 +10:00
s390x s390x/pci: fixup trap_msix() 2017-08-30 18:23:26 +02:00
scsi scsi/esp: Rename the ESP macro to ESP_STATE 2017-09-19 14:09:33 +02:00
sd trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
sh4 sh4: replace cpu_sh4_init() with cpu_generic_init() 2017-09-01 11:54:24 -03:00
smbios stubs: move smbios stubs to hw/smbios 2017-01-16 17:52:35 +01:00
sparc sparc: replace cpu_sparc_init() with cpu_generic_init() 2017-09-01 11:54:24 -03:00
sparc64 apb: fix up PCI bus nomenclature 2017-09-04 18:41:01 +01:00
ssi xlnx-qspi: add a property for mmio-execution 2017-08-14 14:17:18 +01:00
timer i8254: use QEMU_ALIGN_DOWN 2017-08-31 12:29:07 +02:00
tpm
tricore tricore: replace cpu_tricore_init() with cpu_generic_init() 2017-09-01 11:54:24 -03:00
unicore32 unicore32: replace uc32_cpu_init() with cpu_generic_init() 2017-09-01 11:54:25 -03:00
usb scsi: move block/scsi.h to include/scsi/constants.h 2017-09-19 14:09:31 +02:00
vfio vfio, spapr: Fix levels calculation 2017-09-15 10:29:48 +10:00
virtio vhost: Release memory references on cleanup 2017-09-08 16:15:17 +03:00
watchdog watchdog: wdt_aspeed: Add support for the reset width register 2017-09-04 15:21:54 +01:00
xen trace-events: fix code style: %# -> 0x% 2017-08-01 12:13:07 +01:00
xenpv xenfb: remove xen_init_display "temporary" hack 2017-07-07 11:10:03 -07:00
xtensa xtensa: replace cpu_xtensa_init() with cpu_generic_init() 2017-09-01 11:54:24 -03:00
Makefile.objs 9pfs: fix dependencies 2017-08-30 18:23:25 +02:00