qemu/hw
Mauro Matteo Cascella 6c8fa961da scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
Set current_req->req to NULL to prevent reusing a free'd buffer in case of
repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220705200543.2366809-1-mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-06 09:31:15 +02:00
9pfs trivial typos: namesapce 2022-06-28 11:06:44 +02:00
acpi trivial typos: namesapce 2022-06-28 11:06:44 +02:00
adc hw/adc/zynq-xadc: Use qemu_irq typedef 2022-05-19 16:19:02 +01:00
alpha Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
arm hw/misc/aspeed: Add PECI controller 2022-06-30 09:21:14 +02:00
audio hw/audio/cs4231a: Const'ify global tables 2022-06-11 11:44:50 +02:00
avr Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
block hw: m25p80: add WP# pin and SRWD bit for write protection 2022-06-30 09:21:13 +02:00
char acpi: serial-is: replace ISADeviceClass::build_aml with AcpiDevAmlIfClass:build_dev_aml 2022-06-09 19:32:48 -04:00
core qdev: unplug blocker for devices 2022-06-15 14:50:41 +01:00
cpu cpu/core: Fix "help" of CPU core device types 2021-04-09 16:05:16 -04:00
cris Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
cxl pci-bridge/cxl_downstream: Add a CXL switch downstream port 2022-06-16 12:54:57 -04:00
display hw/i2c: add asynchronous send 2022-06-30 09:21:14 +02:00
dma ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
gpio hw/gpio: replace HWADDR_PRIx with PRIx64 2022-05-25 10:31:33 +02:00
hppa lasips2: move mapping of LASIPS2 registers to HPPA machine 2022-06-26 18:40:12 +01:00
hyperv hw/hyperv/vmbus: Remove unused vmbus_load/save_req() 2022-05-30 19:49:42 +02:00
i2c hw/i2c/aspeed: Add new-registers DMA slave mode RX support 2022-06-30 09:21:14 +02:00
i386 hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it 2022-06-29 00:24:59 +02:00
ide hw/ide/atapi.c: Correct typos (CD-CDROM -> CD-ROM) 2022-06-28 12:03:25 +02:00
input ps2: remove update_irq() function and update_arg parameter 2022-06-26 18:40:12 +01:00
intc hw/intc/loongarch_ipi: Fix mail send and any send function 2022-07-05 16:25:17 +05:30
ipack qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
ipmi acpi: ipmi: use AcpiDevAmlIf interface to build IPMI device descriptors 2022-06-09 19:32:49 -04:00
isa hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it 2022-06-29 00:24:59 +02:00
loongarch hw/intc/loongarch_ipi: Fix ipi device access of 64bits 2022-07-05 16:25:17 +05:30
m68k ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
mem mem/cxl_type3: Add read and write functions for associated hostmem. 2022-05-13 07:57:26 -04:00
microblaze Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
mips pckbd: move mapping of I8042_MMIO registers to MIPS magnum machine 2022-06-26 18:40:12 +01:00
misc hw/misc/aspeed: Add PECI controller 2022-06-30 09:21:14 +02:00
net e1000: set RX descriptor status in a separate operation 2022-07-06 11:39:09 +08:00
nios2 hw/nios2: Machine with a Vectored Interrupt Controller 2022-04-26 08:17:05 -07:00
nubus qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
nvme trivial typos: namesapce 2022-06-28 11:06:44 +02:00
nvram hw/i2c: add asynchronous send 2022-06-30 09:21:14 +02:00
openrisc hw/openrisc: use right OMPIC size variable 2022-05-15 10:33:01 +09:00
pci trivial patches pull request 20220629 2022-06-30 04:49:40 +05:30
pci-bridge pci-bridge/cxl_downstream: Add a CXL switch downstream port 2022-06-16 12:54:57 -04:00
pci-host hw/pci-host/i440fx: Remove unused parameter from i440fx_init() 2022-06-28 11:10:33 +02:00
pcmcia hw/pcmcia: Do not register PCMCIA type if not required 2021-05-02 17:24:50 +02:00
ppc Trivial: 3 char repeat typos 2022-06-28 11:06:02 +02:00
rdma hw/pvrdma: Some cosmetic fixes 2022-04-26 12:25:14 +02:00
remote vfio-user: handle reset of remote device 2022-06-15 16:43:42 +01:00
riscv hw/riscv: boot: Reduce FDT address alignment constraints 2022-07-03 10:03:20 +10:00
rtc hw/rtc/ls7a_rtc: Drop unused inline functions 2022-07-05 16:17:53 +05:30
rx hw/rx: rx-gdbsim DTB load address aligned of 16byte. 2022-04-21 10:06:42 -07:00
s390x virtio: stop ioeventfd on reset 2022-06-14 16:50:30 +02:00
scsi scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) 2022-07-06 09:31:15 +02:00
sd hw/sd/allwinner-sdhost: report FIFO water level as 1 when data ready 2022-05-30 12:34:46 +01:00
sensor hw/i2c: add asynchronous send 2022-06-30 09:21:14 +02:00
sh4 Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
smbios hw/smbios: Add table 4 parameter, "processor-id" 2022-03-06 05:28:55 -05:00
sparc machine: make memory-backend a link property 2022-05-12 12:29:44 +02:00
sparc64 hw: Reuse TYPE_I8042 define 2022-06-11 11:44:50 +02:00
ssi aspeed/smc: Fix potential overflow 2022-06-30 09:21:13 +02:00
timer Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
tpm acpi: tpm-tis: use AcpiDevAmlIfClass:build_dev_aml to provide device's AML 2022-06-09 19:32:49 -04:00
tricore hw/tricore: fix inclusion of tricore_testboard 2021-07-20 20:10:21 +02:00
usb hw: canokey: Remove HS support as not compliant to the spec 2022-07-01 12:39:51 +02:00
vfio ui/console: Do not return a value with ui_info 2022-06-14 10:34:37 +02:00
virtio virtio-iommu: Fix migration regression 2022-06-27 18:53:18 -04:00
watchdog aspeed/wdt: Add AST1030 support 2022-05-02 17:03:03 +02:00
xen xen/pass-through: don't create needless register group 2022-07-05 14:19:48 +01:00
xenpv Warn user if the vga flag is passed but no vga device is created 2022-05-09 08:21:14 +02:00
xtensa hw/xtensa: fix reset value of MIROUT register of MX PIC 2022-05-06 15:27:40 -07:00
Kconfig hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00
meson.build hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00