qemu-devel

Re: [Qemu-devel] [PATCH] fdc: force the fifo access to be in bounds of t


From: John Snow
Subject: Re: [Qemu-devel] [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
Date: Wed, 13 May 2015 10:35:25 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0


On 05/13/2015 10:33 AM, John Snow wrote:
> From: Petr Matousek <address@hidden>
> 
> During processing of certain commands such as FD_CMD_READ_ID and 
> FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get
> out of bounds leading to memory corruption with values coming from
> the guest.
> 
> Fix this by making sure that the index is always bounded by the 
> allocated memory.
> 
> This is CVE-2015-3456.
> 
> Signed-off-by: Petr Matousek <address@hidden>
> Reviewed-by: John Snow <address@hidden>
> Signed-off-by: John Snow <address@hidden>
> ---
[snip]

Already sent the pull request (at 08:00 EDT this morning) for
inclusion in the master branch, but this will serve as the formal
patch discussion / and request for inclusion into any stable branches
still being maintained.

Thanks.

--John Snow
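The bounding described in the quoted commit message, as an added illustration that is not part of the patch or of QEMU's code: a device model whose FIFO position grows with every guest write, with the index reduced modulo the buffer length before each store. The struct, the function names, the buffer size and the command path that never resets the position are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIFO_LEN 16u              /* constructed size, not the device's real one */

struct fifo_dev {                 /* hypothetical device state */
    uint8_t  fifo[FIFO_LEN];
    uint8_t  guard[8];            /* stands in for whatever follows the buffer */
    uint32_t data_pos;            /* advanced on every guest write to the data port */
};

static void dev_init(struct fifo_dev *d)
{
    memset(d, 0, sizeof *d);
    memset(d->guard, 0xA5, sizeof d->guard);
}

/* The bound: whatever data_pos has grown to, the index stays inside fifo[]. */
static uint32_t index_bounded(const struct fifo_dev *d)
{
    return d->data_pos % FIFO_LEN;
}

/* Guest writes n bytes on a command path that never resets data_pos
 * (constructed scenario). Every store goes through the bounded index; the
 * return value counts writes whose raw position was already past the buffer. */
static size_t feed(struct fifo_dev *d, size_t n)
{
    size_t would_overflow = 0;
    for (size_t i = 0; i < n; i++) {
        if (d->data_pos >= FIFO_LEN)
            would_overflow++;
        d->fifo[index_bounded(d)] = (uint8_t)i;
        d->data_pos++;
    }
    return would_overflow;
}

static int guard_intact(const struct fifo_dev *d)
{
    for (size_t i = 0; i < sizeof d->guard; i++)
        if (d->guard[i] != 0xA5) return 0;
    return 1;
}

int main(void)
{
    struct fifo_dev d;
    dev_init(&d);
    size_t n = feed(&d, 40);
    printf("raw positions past buffer: %zu, guard intact: %d\n", n, guard_intact(&d));
    return 0;
}
```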


