mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e9d635ea18
qemu/hw/ide
History
Prasad J Pandit b8d7f1bc59 ide: atapi: check logical block address and read size (CVE-2020-29443) 
While processing ATAPI cmd_read/cmd_read_cd commands,
Logical Block Address (LBA) maybe invalid OR closer to the last block,
leading to an OOB access issues. Add range check to avoid it.

Fixes: CVE-2020-29443
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20210118115130.457044-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-23 09:26:40 -05:00
..
ahci_internal.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
ahci-allwinner.c ahci: Move QOM macro to header 2020-08-27 14:04:54 -04:00
ahci.c hw/ide/ahci: Replace fprintf() by qemu_log_mask(GUEST_ERROR) 2021-01-18 11:51:26 +01:00
atapi.c ide: atapi: check logical block address and read size (CVE-2020-29443) 2021-01-23 09:26:40 -05:00
cmd646.c cmd646-ide: use qdev gpio rather than qemu_allocate_irqs() 2020-03-27 14:30:08 -04:00
core.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
ich.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
ioport.c ide: rename cmd_write to ctrl_write 2020-10-01 13:04:16 -04:00
isa.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
Kconfig hw/ide/ahci: Add a Kconfig switch for the AHCI-ICH9 device 2019-05-13 09:36:31 +02:00
macio.c ide: rename cmd_write to ctrl_write 2020-10-01 13:04:16 -04:00
meson.build meson: convert hw/ide 2020-08-21 06:30:30 -04:00
microdrive.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
mmio.c ide: rename cmd_write to ctrl_write 2020-10-01 13:04:16 -04:00
pci.c ide: rename cmd_write to ctrl_write 2020-10-01 13:04:16 -04:00
piix.c xen: rework pci_piix3_xen_ide_unplug 2020-11-02 11:56:55 +00:00
qdev.c qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
sii3112.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
trace-events ide: rename cmd_write to ctrl_write 2020-10-01 13:04:16 -04:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
via.c via-ide: use qdev gpio rather than qemu_allocate_irqs() 2020-03-27 14:30:08 -04:00