qemu/hw
Thomas Huth 66aa4b1b4b hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467]
We are doing things like

    nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);

in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if
the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes
with a division by 0 exception. Thus disallow block sizes of 256
bytes to avoid this situation.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1813
CVE: 2023-42467
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230925091854.49198-1-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 7cfcc79b0a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-09-28 07:32:23 +03:00
..
9pfs hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-09-11 10:53:50 +03:00
acpi acpi: pcihp: allow repeating hot-unplug requests 2023-05-18 21:09:41 +03:00
adc hw/adc: Make adci[*] R/W in NPCM7XX ADC 2022-07-18 13:20:14 +01:00
alpha hw: Remove unused MAX_IDE_BUS define 2022-10-31 11:32:07 +01:00
arm hw/arm/smmu: Handle big-endian hosts correctly 2023-07-31 09:12:06 +03:00
audio hw/audio/intel-hda: Drop unnecessary prototype 2022-11-23 12:30:45 +01:00
avr Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
block hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-09-11 10:53:50 +03:00
char hw/char/riscv_htif: Fix printing of console characters on big endian hosts 2023-09-13 12:21:22 +03:00
core machine: Add helpers to get cores/threads per socket 2023-09-11 10:53:50 +03:00
cpu cpu/core: Fix "help" of CPU core device types 2021-04-09 16:05:16 -04:00
cris Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
cxl hw/cxl: Fix CFMW config memory leak 2023-09-25 23:43:49 +03:00
display qxl: don't assert() if device isn't yet initialized 2023-09-11 10:53:51 +03:00
dma hw/dma/xilinx_axidma: Check DMASR.HALTED to prevent infinite loop. 2023-05-31 09:43:56 +03:00
gpio hw/gpio/meson: Introduce dedicated config switch for hw/gpio/mpc8xxx 2022-10-17 16:15:09 -03:00
hppa target/hppa: Provide qemu version via fw_cfg to firmware 2023-06-26 19:35:29 +03:00
hyperv hw/hyperv/hyperv.c: Use device_cold_reset() instead of device_legacy_reset() 2022-10-27 10:27:23 +01:00
i2c hw/i2c/aspeed: Fix TXBUF transmission start position error 2023-09-11 10:53:51 +03:00
i386 hw/i386/x86-iommu: Fix endianness issue in x86_iommu_irq_to_msi_message() 2023-08-04 08:27:03 +03:00
ide hw/ide/ahci: fix broken SError handling 2023-09-11 10:53:51 +03:00
input pckbd: remove legacy i8042_mm_init() function 2022-07-18 19:28:46 +01:00
intc hw/intc: Make rtc variable names consistent 2023-09-13 12:21:22 +03:00
ipack qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
ipmi ipmi:smbus: Add a check around a memcpy 2022-08-01 06:40:50 -05:00
isa acpi: x86: move RPQx field back to _SB scope 2022-11-22 05:19:00 -05:00
loongarch Revert "hw/loongarch/virt: Add cfi01 pflash device" 2022-12-05 11:24:35 -05:00
m68k m68k/q800: do not re-randomize RNG seed on snapshot load 2022-10-27 11:34:31 +01:00
mem hw/mem/cxl-type3: Add CXL CDAT Data Object Exchange 2022-11-07 13:12:19 -05:00
microblaze hw/microblaze: pass random seed to fdt 2022-09-21 19:59:56 +02:00
mips kvm: Introduce kvm_arch_get_default_type hook 2023-09-11 10:53:50 +03:00
misc bcm2835_property: disable reentrancy detection for iomem 2023-09-11 10:53:50 +03:00
net hw/net/vmxnet3: Fix guest-triggerable assert() 2023-09-11 10:53:51 +03:00
nios2 hw/nios2: set machine->fdt in nios2_load_dtb() 2022-10-17 16:15:10 -03:00
nubus qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
nvme hw/nvme: fix CRC64 for guard tag 2023-09-11 10:53:50 +03:00
nvram Revert "x86: return modified setup_data only if read as memory, not as file" 2023-03-29 10:20:04 +03:00
openrisc openrisc: re-randomize rng-seed on reboot 2022-10-27 11:34:31 +01:00
pci pci: do not respond config requests after PCI device eject 2023-08-04 07:37:06 +03:00
pci-bridge hw/pci-bridge/cxl-upstream: Add a CDAT table access DOE 2022-11-07 13:12:19 -05:00
pci-host raven: disable reentrancy detection for iomem 2023-09-11 10:53:50 +03:00
pcmcia hw/pcmcia: Do not register PCMCIA type if not required 2021-05-02 17:24:50 +02:00
ppc hw/ppc: Always store the decrementer value 2023-09-25 23:43:49 +03:00
rdma hw/pvrdma: Protect against buggy or malicious guest driver 2023-03-30 12:19:04 +03:00
remote hw/remote: Fix vfu_cfg trace offset format 2023-06-11 11:02:28 +03:00
riscv hw/riscv: virt: Fix riscv,pmu DT node path 2023-09-13 12:21:22 +03:00
rtc goldfish_rtc: Add big-endian property 2022-09-04 07:02:56 +01:00
rx rx: re-randomize rng-seed on reboot 2022-10-27 11:34:31 +01:00
s390x s390x/ap: fix missing subsystem reset registration 2023-09-13 21:57:05 +03:00
scsi hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] 2023-09-28 07:32:23 +03:00
sd hw/sd/allwinner-sdhost: Correctly byteswap descriptor fields 2023-05-18 21:09:59 +03:00
sensor hw/sensor: Add Renesas ISL69259 device model 2022-07-14 16:24:38 +02:00
sh4 Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
smbios hw/smbios: Fix core count in type4 2023-09-11 10:53:50 +03:00
sparc machine: make memory-backend a link property 2022-05-12 12:29:44 +02:00
sparc64 hw: Remove unused MAX_IDE_BUS define 2022-10-31 11:32:07 +01:00
ssi aspeed/smc: Cache AspeedSMCClass 2022-10-24 11:20:15 +02:00
timer hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop 2023-06-22 10:38:38 +03:00
tpm hw/tpm: TIS on sysbus: Remove unsupport ppi command line option 2023-09-13 12:21:22 +03:00
tricore hw/tricore: fix inclusion of tricore_testboard 2021-07-20 20:10:21 +02:00
usb hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-09-11 10:53:50 +03:00
vfio vfio/pci: Disable INTx in vfio_realize error path 2023-08-05 08:39:54 +03:00
virtio virtio: Drop out of coroutine context in virtio_load() 2023-09-13 12:21:22 +03:00
watchdog watchdog: remove -watchdog option 2022-09-29 11:40:28 +02:00
xen xen/pt: reserve PCI slot 2 for Intel igd-passthru 2023-05-18 21:09:59 +03:00
xenpv Warn user if the vga flag is passed but no vga device is created 2022-05-09 08:21:14 +02:00
xtensa hw/xtensa: fix reset value of MIROUT register of MX PIC 2022-05-06 15:27:40 -07:00
Kconfig hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00
meson.build hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00