Re: [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code

From:	Peter Maydell
Subject:	Re: [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code
Date:	Tue, 22 Mar 2022 22:58:11 +0000

On Mon, 21 Mar 2022 at 17:03, Thomas Huth <thuth@redhat.com> wrote:
>
> The following changes since commit 2058fdbe81e2985c226a026851dd26b146d3395c:
>
>   Merge tag 'fixes-20220318-pull-request' of git://git.kraxel.org/qemu into 
> staging (2022-03-19 11:28:54 +0000)
>
> are available in the Git repository at:
>
>   https://gitlab.com/thuth/qemu.git tags/pull-request-2022-03-21
>
> for you to fetch changes up to 27801168ecbb34b987d2e92a12369367bf9ac2bf:
>
>   tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225) 
> (2022-03-21 14:05:42 +0100)
>
> ----------------------------------------------------------------
> * Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611)
> * Fix heap overflow due to recursive DMA in sdhci code
>
> ----------------------------------------------------------------
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code, Thomas Huth, 2022/03/21
- [PULL 1/8] softmmu/physmem: Simplify flatview_write and address_space_access_valid, Thomas Huth, 2022/03/21
- [PULL 3/8] hw/audio/intel-hda: Do not ignore DMA overrun errors, Thomas Huth, 2022/03/21
- [PULL 2/8] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR, Thomas Huth, 2022/03/21
- [PULL 4/8] hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices), Thomas Huth, 2022/03/21
- [PULL 6/8] hw/sd/sdhci: Honor failed DMA transactions, Thomas Huth, 2022/03/21
- [PULL 7/8] hw/sd/sdhci: Prohibit DMA accesses to devices, Thomas Huth, 2022/03/21
- [PULL 5/8] tests/qtest/intel-hda-test: Add reproducer for issue #542, Thomas Huth, 2022/03/21
- [PULL 8/8] tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225), Thomas Huth, 2022/03/21
- Re: [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code, Peter Maydell <=

Prev by Date: Re: [PATCH 13/15] iotests: remove qemu_io_pipe_and_status()
Next by Date: Re: [PATCH v2 1/3] qapi: rename BlockDirtyBitmapMergeSource to BlockDirtyBitmapOrStr
Previous by thread: [PULL 8/8] tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)
Next by thread: [PATCH v5 00/18] iotests: add enhanced debugging info to qemu-img failures
Index(es):
- Date
- Thread