Re: [Qemu-devel] [PATCH v4 08/30] ahci: fix buffer overrun on invalid st
From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH v4 08/30] ahci: fix buffer overrun on invalid state load
Date: Mon, 31 Mar 2014 16:31:57 +0100
On 31 March 2014 15:16, Michael S. Tsirkin <address@hidden> wrote:
> CVE-2013-4526
>
> Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So
> we use the old version of ports to read the array but then allow any
> value for ports. This can cause the code to overflow.
>
> There's no reason to migrate ports - it never changes.
> So just make sure it matches.
>
> Reported-by: Anthony Liguori <address@hidden>
> Signed-off-by: Michael S. Tsirkin <address@hidden>
> ---
Reviewed-by: Peter Maydell <address@hidden>
-- PMM
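
The pattern the quoted commit message describes, modeled as an added example that is not QEMU's code or the patch itself: an array is read using the destination's existing count, then the count field is taken from the stream. `ToyState`, `toy_load`, `toy_consistent`, `toy_demo` and the stream layout are hypothetical, and the sample stream is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy device (hypothetical names, not QEMU's structures). */
typedef struct {
    int32_t ports;     /* entry count, fixed when the device is created */
    size_t allocated;  /* entries dev[] was really allocated with */
    uint32_t *dev;     /* one word of state per port */
} ToyState;

/* Constructed stream layout: dev[0..ports-1], then the ports field. */
static int toy_load(ToyState *s, const uint8_t *buf, size_t len, int check_equal)
{
    size_t arr = (size_t)s->ports * sizeof(uint32_t);
    int32_t incoming;
    if (len < arr + sizeof(incoming)) return -1;
    memcpy(s->dev, buf, arr);           /* array sized by the OLD ports value */
    memcpy(&incoming, buf + arr, sizeof(incoming));
    if (check_equal)                    /* hardened: value must match, never stored */
        return incoming == s->ports ? 0 : -1;
    s->ports = incoming;                /* unchecked: any value is accepted */
    return 0;
}

/* Invariant that every later loop over dev[0..ports-1] relies on. */
static int toy_consistent(const ToyState *s)
{
    return s->ports >= 0 && (size_t)s->ports <= s->allocated;
}

/* Load a stream claiming `claimed` ports into a 2-port device; *rc = load result. */
static int toy_demo(int32_t claimed, int check_equal, int *rc)
{
    uint32_t slots[2] = {0, 0};
    ToyState s = { 2, 2, slots };
    uint8_t buf[sizeof(slots) + sizeof(claimed)] = {0};
    memcpy(buf + sizeof(slots), &claimed, sizeof(claimed));
    *rc = toy_load(&s, buf, sizeof(buf), check_equal);
    return toy_consistent(&s);
}

int main(void)
{
    int rc, ok = toy_demo(1000, 0, &rc);
    printf("unchecked: rc=%d consistent=%d\n", rc, ok);
    ok = toy_demo(1000, 1, &rc);
    printf("checked:   rc=%d consistent=%d\n", rc, ok);
}
```

The unchecked load reports success while leaving a count larger than the allocation; the equality check fails the load and keeps the count the device was created with.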