]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 05a7c8a) | patch
qemu: fix CVE-2017-16845
authorHongxu Jia <hongxu.jia@windriver.com>
Tue, 24 Apr 2018 07:37:50 +0000 (15:37 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 3 May 2018 09:03:27 +0000 (10:03 +0100)
commit1176b264db7eccf9a3c786df940d97717d4adfbe
treeb4bb2f089a7d07c1cdca0c222a4378e7649b3e90tree | snapshot
parent05a7c8a0b06f55a8084ab416c63280d370f53ee1commit | diff
qemu: fix CVE-2017-16845

During Qemu guest migration, a destination process invokes ps2
post_load function. In that, if 'rptr' and 'count' values were
invalid, it could lead to OOB access or infinite loop issue.
Add check to avoid it.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu_2.11.1.bb diff | blob | history
Mirror of the official openembedded-core repository