]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: f6ac069) | patch
qemu: fix CVE-2017-16845
authorHongxu Jia <hongxu.jia@windriver.com>
Tue, 24 Apr 2018 07:37:50 +0000 (15:37 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 4 May 2018 08:54:59 +0000 (09:54 +0100)
commit0d8f68fe43b4da1a0d356fe6bedb52b8f2a02081
treeca1ef4a635813503fa3f15845e1782d4be50ded9tree | snapshot
parentf6ac06967905686cc3974a3524c89cb74af22a16commit | diff
qemu: fix CVE-2017-16845

During Qemu guest migration, a destination process invokes ps2
post_load function. In that, if 'rptr' and 'count' values were
invalid, it could lead to OOB access or infinite loop issue.
Add check to avoid it.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu_2.11.1.bb diff | blob | history
Mirror of the official openembedded-core repository