mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw
History
Prasad J Pandit 3e831b40e0 scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952) 
Vmware Paravirtual SCSI emulation uses command descriptors to
process SCSI commands. These descriptors come with their ring
buffers. A guest could set the ring buffer size to an arbitrary
value leading to OOB access issue. Add check to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Cc: qemu-stable@nongnu.org
Message-Id: <1464000485-27041-1-git-send-email-ppandit@redhat.com>
Reviewed-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-29 09:11:10 +02:00
..
9pfs
9p: drop unused declaration from coth.h
2016-05-18 15:04:27 +03:00
acpi
acpi: do not use TARGET_PAGE_SIZE
2016-05-19 16:42:28 +02:00
alpha
alpha: include cpu-qom.h in files that require AlphaCPU
2016-05-19 16:42:27 +02:00
arm
machine: add properties to compat_props incrementaly
2016-05-20 14:28:54 -03:00
audio
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
block
dma-helpers: change interface to byte-based
2016-05-25 19:04:11 +02:00
bt
qemu-common: stop including qemu/host-utils.h from qemu-common.h
2016-05-19 16:42:28 +02:00
char
hw/char: QOM'ify milkymist-uart.c
2016-05-29 09:11:10 +02:00
core
qdev: Start disentangling bus from device
2016-05-26 14:06:41 +01:00
cpu
explicitly include qom/cpu.h
2016-05-19 16:42:27 +02:00
cris
hw/char: QOM'ify etraxfs_ser.c
2016-05-29 09:11:10 +02:00
display
vga: add sr_vbe register set
2016-05-23 14:28:25 +02:00
dma
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
gpio
hw: clean up hw/hw.h includes
2016-05-19 16:42:30 +02:00
i2c
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
i386
pc: Set CPU model-id on compat_props for pc <= 2.4
2016-05-23 13:19:36 -03:00
ide
dma-helpers: change BlockBackend to opaque value in DMAIOFunc
2016-05-25 19:04:11 +02:00
input
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
intc
ioapic: clear remote irr bit for edge-triggered interrupts
2016-05-23 16:53:43 +02:00
ipack
ipack: Update e-mail address
2016-05-18 15:04:27 +03:00
ipmi
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
isa
explicitly include qom/cpu.h
2016-05-19 16:42:27 +02:00
lm32
hw/char: QOM'ify milkymist-uart.c
2016-05-29 09:11:10 +02:00
m68k
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
mem
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
microblaze
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
mips
mips: use MIPSCPU instead of CPUMIPSState
2016-05-19 16:42:27 +02:00
misc
cpu: move exec-all.h inclusion out of cpu.h
2016-05-19 16:42:29 +02:00
moxie
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
net
hw/net/spapr_llan: Provide counter with dropped rx frames to the guest
2016-05-27 09:40:23 +10:00
nvram
vl: Replace DT_NOGRAPHIC with machine option
2016-05-20 14:28:54 -03:00
openrisc
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
pci
Fix some typos found by codespell
2016-05-18 15:04:27 +03:00
pci-bridge
hw/pci-bridge: Add missing unref in case register-bus fails
2016-04-07 19:57:33 +03:00
pci-host
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
pcmcia
ppc
spapr_iommu: Move table allocation to helpers
2016-05-27 09:40:23 +10:00
s390x
s390: use FILE instead of QEMUFile for creating text file
2016-05-26 11:31:05 +05:30
scsi
scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
2016-05-29 09:11:10 +02:00
sd
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
sh4
cpu: move exec-all.h inclusion out of cpu.h
2016-05-19 16:42:29 +02:00
smbios
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
sparc
vl: Replace DT_NOGRAPHIC with machine option
2016-05-20 14:28:54 -03:00
sparc64
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
ssi
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
timer
aspeed: include qemu/log.h
2016-05-20 13:09:22 +01:00
tpm
tpm: Fix write to file descriptor function
2016-04-13 19:52:34 +03:00
tricore
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
unicore32
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
usb
usb/ohci: Fix crash with when specifying too many num-ports
2016-05-23 14:59:40 +02:00
vfio
vfio: Check that IOMMU MR translates to system address space
2016-05-26 11:12:09 -06:00
virtio
qapi: Split visit_end_struct() into pieces
2016-05-12 09:47:55 +02:00
watchdog
nmi: remove x86 specific nmi handling
2016-05-23 16:53:46 +02:00
xen
xen: write information about supported backends
2016-05-23 13:30:03 +02:00
xenpv
xen: add pvUSB backend
2016-05-23 13:30:03 +02:00
xtensa
qemu-common: push cpu.h inclusion out of qemu-common.h
2016-05-19 16:42:29 +02:00
Makefile.objs