]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 1bc0711) | patch
qemu: Security fix CVE-2016-4952
authorAdrian Dudau <adrian.dudau@enea.com>
Thu, 3 Nov 2016 13:18:01 +0000 (14:18 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 18 May 2017 12:13:34 +0000 (13:13 +0100)
commit3d6b4fd6bc4338b139ebcaf51b67c56cc97ba2ed
treee16477d5fd27504c6db083d8ea4d1ef185d71b84tree | snapshot
parent1bc071172236ea020cac9db96e33de81950a15ffcommit | diff
qemu: Security fix CVE-2016-4952

affects qemu < 2.7.0

Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus
emulation support is vulnerable to an OOB r/w access issue. It could
occur while processing SCSI commands 'PVSCSI_CMD_SETUP_RINGS' or
'PVSCSI_CMD_SETUP_MSG_RING'.

A privileged user inside guest could use this flaw to crash the Qemu
process resulting in DoS.

References:
----------
http://www.openwall.com/lists/oss-security/2016/05/23/1

Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-devtools/qemu/qemu/CVE-2016-4952.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu_2.5.0.bb diff | blob | history
Mirror of the official openembedded-core repository