code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Hongxu Jia <hongxu.jia@windriver.com>
	Tue, 24 Apr 2018 07:37:50 +0000 (15:37 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 15 Jun 2018 10:37:46 +0000 (11:37 +0100)
commit	cdfceda098aa1a864cbb794065b9f555810c5c71
tree	a33430adba883fd745160371ad776d62efe4b33c	tree \| snapshot
parent	1a39330bf79f3d36a1a0f6d34b421de53ff36405	commit \| diff

qemu: fix CVE-2017-16845

During Qemu guest migration, a destination process invokes ps2
post_load function. In that, if 'rptr' and 'count' values were
invalid, it could lead to OOB access or infinite loop issue.
Add check to avoid it.

(From OE-Core rev: 0d8f68fe43b4da1a0d356fe6bedb52b8f2a02081)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/qemu/qemu_2.11.1.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom