qemu/hw/scsi
Mauro Matteo Cascella 6c8fa961da scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
Set current_req->req to NULL to prevent reusing a free'd buffer in case of
repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220705200543.2366809-1-mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-06 09:31:15 +02:00
..
emulation.c scsi-generic: avoid invalid access to struct when emulating block limits 2018-11-06 21:35:06 +01:00
esp-pci.c pci: Let pci_dma_rw() take MemTxAttrs argument 2021-12-31 01:05:23 +01:00
esp.c esp: recreate ESPState current_req after migration 2022-03-09 09:29:10 +00:00
Kconfig build: move vhost-scsi configuration to Kconfig 2022-05-07 07:46:58 +02:00
lsi53c895a.c scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) 2022-07-06 09:31:15 +02:00
megasas.c include: Move hardware version declarations to new qemu/hw-version.h 2022-02-21 13:30:20 +00:00
meson.build meson: convert hw/scsi 2020-08-21 06:30:28 -04:00
mfi.h Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
mpi.h hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
mptconfig.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptendian.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptsas.c Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
mptsas.h mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392) 2021-04-19 15:48:12 +01:00
scsi-bus.c include: Move hardware version declarations to new qemu/hw-version.h 2022-02-21 13:30:20 +00:00
scsi-disk.c block: get rid of blk->guest_block_size 2022-06-24 17:07:06 +02:00
scsi-generic.c block: get rid of blk->guest_block_size 2022-06-24 17:07:06 +02:00
spapr_vscsi.c Trivial: 3 char repeat typos 2022-06-28 11:06:02 +02:00
srp.h spapr-vscsi: add task management 2013-09-12 08:46:21 +02:00
trace-events hw: Fix misleading hexadecimal format 2022-03-24 10:38:42 +00:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-scsi-common.c vhost-scsi: support inflight io track 2020-09-30 19:09:20 +02:00
vhost-scsi.c virtio: add vhost support for virtio devices 2022-05-16 04:38:40 -04:00
vhost-user-scsi.c hw/vhost-user-scsi|blk: set supports_config flag correctly 2022-06-09 19:32:49 -04:00
viosrp.h hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size 2020-03-17 15:08:50 +11:00
virtio-scsi-dataplane.c virtio-scsi: don't waste CPU polling the event virtqueue 2022-05-09 10:45:04 +01:00
virtio-scsi.c virtio: drop name parameter for virtio_init() 2022-05-16 04:38:40 -04:00
vmw_pvscsi.c pci: Let ld*_pci_dma() propagate MemTxResult 2021-12-31 01:05:27 +01:00
vmw_pvscsi.h scsi: VMWare PVSCSI paravirtual device implementation 2013-04-19 10:44:17 +02:00