]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 57f0a4e) | patch
qemu: CVE-2017-17381
authorCatalin Enache <catalin.enache@windriver.com>
Tue, 19 Dec 2017 10:39:12 +0000 (12:39 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 14 Jan 2018 09:11:28 +0000 (09:11 +0000)
commit92a0513837182e2e9aa6c7d4958e495f4b5b4c47
tree7cc710e6bdfd5bb6540120a976803cb4e63e693btree | snapshot
parent57f0a4ee29b9fc15749a9d42fdf01718a7099c2dcommit | diff
qemu: CVE-2017-17381

The Virtio Vring implementation in QEMU allows local OS guest users to
cause a denial of service (divide-by-zero error and QEMU process crash)
by unsetting vring alignment while updating Virtio rings.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-17381

Upstream patch:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=758ead31c7e17bf17a9ef2e0ca1c3e86ab296b43

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-devtools/qemu/qemu/CVE-2017-17381.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu_2.10.1.bb diff | blob | history
Mirror of the official openembedded-core repository