Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incom

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incom

From:	Don Koch
Subject:	Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration
Date:	Mon, 31 Mar 2014 13:26:16 -0400

On Mon, 31 Mar 2014 17:17:08 +0300
"Michael S. Tsirkin" <address@hidden> wrote:

> CVE-2013-4533
> 
> s->rx_level is read from the wire and used to determine how many bytes
> to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
> length of s->rx_fifo[] the buffer can be overrun with arbitrary data
> from the wire.
> 
> Fix this by validating rx_level against the size of s->rx_fifo.
> 
> Cc: Don Koch <address@hidden>
> Reported-by: Michael Roth <address@hidden>
> Signed-off-by: Michael S. Tsirkin <address@hidden>

Reviewed-by: Don Koch <address@hidden>

-d

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-stable] [PATCH v4 13/30] stellaris_enet: avoid buffer overrun on incoming migration, (continued)
- [Qemu-stable] [PATCH v4 14/30] stellaris_enet: avoid buffer overrun on incoming migration (part 2), Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 15/30] stellaris_enet: avoid buffer orerrun on incoming migration (part 3), Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 16/30] virtio: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [Qemu-devel] [PATCH v4 16/30] virtio: avoid buffer overrun on incoming migration, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 17/30] openpic: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [Qemu-devel] [PATCH v4 17/30] openpic: avoid buffer overrun on incoming migration, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration, Peter Maydell, 2014/03/31
  - Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration, Don Koch <=
- [Qemu-stable] [PATCH v4 18/30] virtio: validate num_sg when mapping, Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 20/30] ssi-sd: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [Qemu-devel] [PATCH v4 20/30] ssi-sd: fix buffer overrun on invalid state load, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 21/30] ssd0323: fix buffer overun on invalid state load, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [Qemu-devel] [PATCH v4 21/30] ssd0323: fix buffer overun on invalid state load, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 22/30] tsc210x: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [PATCH v4 22/30] tsc210x: fix buffer overrun on invalid state load, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 23/30] zaurus: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 25/30] virtio-scsi: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 24/30] usb: sanity check setup_index+setup_len in post_load, Michael S. Tsirkin, 2014/03/31

Prev by Date: Re: [Qemu-stable] [Qemu-devel] [PATCH v4 04/30] virtio-net: fix buffer overflow on invalid state load
Next by Date: Re: [Qemu-stable] [Qemu-devel] [PATCH v4 04/30] virtio-net: fix buffer overflow on invalid state load
Previous by thread: Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration
Next by thread: [Qemu-stable] [PATCH v4 18/30] virtio: validate num_sg when mapping
Index(es):
- Date
- Thread