[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] hw/sd: sdhci: Do not transfer any data when command fails
|
From: |
Mauro Matteo Cascella |
|
Subject: |
Re: [PATCH] hw/sd: sdhci: Do not transfer any data when command fails |
|
Date: |
Thu, 11 Feb 2021 09:52:15 +0100 |
Hello,
On Wed, Feb 10, 2021 at 11:27 PM Alistair Francis <alistair23@gmail.com> wrote:
>
> On Tue, Feb 9, 2021 at 2:55 AM Bin Meng <bmeng.cn@gmail.com> wrote:
> >
> > At the end of sdhci_send_command(), it starts a data transfer if
> > the command register indicates a data is associated. However the
> > data transfer should only be initiated when the command execution
> > has succeeded.
> >
> > Cc: qemu-stable@nongnu.org
> > Fixes: CVE-2020-17380
> > Fixes: CVE-2020-25085
> > Reported-by: Alexander Bulekov <alxndr@bu.edu>
> > Reported-by: Sergej Schumilo (Ruhr-University Bochum)
> > Reported-by: Cornelius Aschermann (Ruhr-University Bochum)
> > Reported-by: Simon Wrner (Ruhr-University Bochum)
> > Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
>
> Isn't this already fixed?
>
It turned out the bug was still reproducible on master. I'm actually
thinking of assigning a new CVE for this, to make it possible for
distros to apply this fix.
--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0