qemu-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 13b250: uas: add stream number sanity checks.


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 13b250: uas: add stream number sanity checks.
Date: Wed, 01 Sep 2021 07:18:49 -0700

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 13b250b12ad3c59114a6a17d59caf073ce45b33a
      
https://github.com/qemu/qemu/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   2021-09-01 (Wed, 01 Sep 2021)

  Changed paths:
    M hw/usb/dev-uas.c

  Log Message:
  -----------
  uas: add stream number sanity checks.

The device uses the guest-supplied stream number unchecked, which can
lead to guest-triggered out-of-band access to the UASDevice->data3 and
UASDevice->status3 fields.  Add the missing checks.

Fixes: CVE-2021-3713
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reported-by: Chen Zhe <chenzhe@huawei.com>
Reported-by: Tan Jingguo <tanjingguo@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210818120505.1258262-2-kraxel@redhat.com>


  Commit: ae420c957aff2871b8a1af9cf9ee1a7a75b3552b
      
https://github.com/qemu/qemu/commit/ae420c957aff2871b8a1af9cf9ee1a7a75b3552b
  Author: Cai Huoqing <caihuoqing@baidu.com>
  Date:   2021-09-01 (Wed, 01 Sep 2021)

  Changed paths:
    M hw/usb/desc-msos.c
    M hw/usb/desc.h
    M hw/usb/dev-audio.c
    M hw/usb/host-libusb.c
    M hw/usb/quirks-ftdi-ids.h
    M hw/usb/u2f-emulated.c

  Log Message:
  -----------
  hw/usb: Fix typo in comments and print

Fix typo:
*informations  ==> information
*enougth  ==> enough
*enouth  ==> enough
*registy  ==> registry
*releated  ==> related
*Ouptut  ==> Output
*manualy  ==> manually
*Attemping  ==> Attempting
*contine  ==> continue
*tranceiver  ==> transceiver
*Tranceiver  ==> Transceiver

Signed-off-by: Cai Huoqing <caihuoqing@baidu.com>
Message-Id: <20210730012720.2246-1-caihuoqing@baidu.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 4c41a1c595e1ce3fe29f3b7bb22ff7402be9c77d
      
https://github.com/qemu/qemu/commit/4c41a1c595e1ce3fe29f3b7bb22ff7402be9c77d
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-09-01 (Wed, 01 Sep 2021)

  Changed paths:
    M hw/usb/desc-msos.c
    M hw/usb/desc.h
    M hw/usb/dev-audio.c
    M hw/usb/dev-uas.c
    M hw/usb/host-libusb.c
    M hw/usb/quirks-ftdi-ids.h
    M hw/usb/u2f-emulated.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/usb-20210901-pull-request' 
into staging

usb: bugfixes.

# gpg: Signature made Wed 01 Sep 2021 07:53:33 BST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20210901-pull-request:
  hw/usb: Fix typo in comments and print
  uas: add stream number sanity checks.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/9ca9f47fdaf5...4c41a1c595e1



reply via email to

[Prev in Thread] Current Thread [Next in Thread]