qemu/hw
Prasad J Pandit b8d7f1bc59 ide: atapi: check logical block address and read size (CVE-2020-29443)
While processing ATAPI cmd_read/cmd_read_cd commands,
Logical Block Address (LBA) may be invalid OR closer to the last block,
leading to OOB access issues. Add range check to avoid it.

Fixes: CVE-2020-29443
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20210118115130.457044-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-23 09:26:40 -05:00
..
9pfs 9pfs: Fully restart unreclaim loop (CVE-2021-20181) 2021-01-15 08:44:28 +01:00
acpi acpi: Add addr offset in build_crs 2021-01-17 06:42:54 -05:00
adc hw/adc: Add an ADC module for NPCM7XX 2021-01-12 21:19:02 +00:00
alpha
arm hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
audio audio/via-ac97: Simplify code and set user_creatable to false 2021-01-04 23:24:44 +01:00
avr
block nbd patches for 2021-01-20 2021-01-21 10:44:28 +00:00
char Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
core clock: Define and use new clock_display_freq() 2021-01-04 23:24:44 +01:00
cpu
cris
display
dma
gpio
hppa
hyperv
i2c
i386 acpi: Add addr offset in build_crs 2021-01-17 06:42:54 -05:00
ide ide: atapi: check logical block address and read size (CVE-2020-29443) 2021-01-23 09:26:40 -05:00
input Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
intc hw/intc/ppc-uic: Make default dcr-base 0xc0, not 0x30 2021-01-19 10:20:29 +11:00
ipack
ipmi Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
isa vt82c686: Rename superio config related parts 2021-01-04 23:24:44 +01:00
lm32
m68k hw/m68k/next-cube: Add vmstate for NeXTPC device 2021-01-19 09:11:52 +01:00
mem hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
microblaze
mips docs/system: Remove deprecated 'fulong2e' machine alias 2021-01-14 17:13:54 +01:00
misc Trivial patches 20210118 2021-01-18 15:19:06 +00:00
moxie
net hw/net/lan9118: Add symbolic constants for register offsets 2021-01-12 21:19:02 +00:00
nios2
nubus
nvram hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
openrisc
pci pci/shpc: don't push attention button when ejecting powered-off device 2021-01-13 09:06:37 -05:00
pci-bridge Kconfig: Compile PXB for ARM_VIRT 2021-01-17 06:42:54 -05:00
pci-host acpi/gpex: Exclude pxb's resources from PCI0 2021-01-17 06:42:54 -05:00
pcmcia
ppc spapr_cpu_core.c: use g_auto* in spapr_create_vcpu() 2021-01-19 10:20:29 +11:00
rdma
riscv riscv: Pass RISCVHartArrayState by pointer 2021-01-16 14:34:46 -08:00
rtc pl031: Use timer_free() in the finalize function to avoid memleaks 2021-01-18 11:51:26 +01:00
rx
s390x Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
scsi block: Honor blk_set_aio_context() context requirements 2021-01-20 14:48:08 -06:00
sd Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
semihosting semihosting: Implement SYS_ISERROR 2021-01-18 10:05:06 +00:00
sh4
smbios
sparc sun4m: don't connect two qemu_irqs directly to the same input 2021-01-06 11:41:37 +00:00
sparc64
ssi hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
timer hw/timer: Refactor NPCM7XX Timer to use CLK clock 2021-01-12 21:19:02 +00:00
tpm
tricore
unicore32
usb Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
vfio Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
virtio hw/virtio-pci: Replace error_report() by qemu_log_mask(GUEST_ERROR) 2021-01-18 11:51:26 +01:00
watchdog Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
xen
xenpv
xtensa
Kconfig
meson.build