code.ossystems Code Review - openembedded-core.git/commit
qemu: CVE-2018-12617
author Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Wed, 22 Aug 2018 11:41:47 +0000 (17:11 +0530)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 29 Aug 2018 14:22:27 +0000 (15:22 +0100)
commit a11c8ee86007f7f7a34b9dc29d01acc323b71873
tree 27a8a417d24e4550d51f6f7b98e5a022b0cbdaa7
parent 9f1d026168956e7bf45135577c123f7679a6ebba
qemu: CVE-2018-12617

qga: check bytes count read by guest-file-read

While reading file content via 'guest-file-read' command,
'qmp_guest_file_read' routine allocates buffer of count+1
bytes. It could overflow for large values of 'count'.
Add check to avoid it.

Affects qemu < v3.0.0

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch [new file with mode: 0644]
meta/recipes-devtools/qemu/qemu_2.11.1.bb
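
Added example, not part of this commit or of QEMU's source: a C sketch of the bug class the commit message describes, a buffer sized as count+1 from an unvalidated 64-bit count, next to a checked form. The function names and the MAX_READ_COUNT bound are assumptions; the page does not show the limit the real patch enforces.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap on one read (48 MiB); far below SIZE_MAX on 32/64-bit targets,
 * so count + 1 always fits in size_t once the check passes. */
#define MAX_READ_COUNT ((int64_t)48 * 1024 * 1024)

/* Unchecked pattern: the size handed to the allocator is count + 1.
 * Unsigned arithmetic keeps the wrap well defined; count == -1 yields 0. */
static size_t unchecked_alloc_size(int64_t count)
{
    return (size_t)((uint64_t)count + 1);
}

/* Checked pattern: reject negative or oversized counts before sizing. */
static int checked_alloc_size(int64_t count, size_t *out)
{
    if (count < 0 || count > MAX_READ_COUNT)
        return -1;
    *out = (size_t)count + 1;
    return 0;
}

/* Returns a zeroed buffer with room for count bytes plus a NUL, or NULL. */
static char *alloc_read_buffer(int64_t count)
{
    size_t n;
    if (checked_alloc_size(count, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed inputs: a normal count, -1, and the largest int64_t. */
    int64_t samples[] = { 4096, -1, INT64_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *buf = alloc_read_buffer(samples[i]);
        printf("count=%lld unchecked_size=%zu checked=%s\n",
               (long long)samples[i], unchecked_alloc_size(samples[i]),
               buf ? "allocated" : "rejected");
        free(buf);
    }
    return 0;
}
```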