qemu/hw/nvme
Klaus Jensen ecb1b7b082 hw/nvme: fix oob memory read in fdp events log
As reported by Trend Micro's Zero Day Initiative, an oob memory read
vulnerability exists in nvme_fdp_events(). The host-provided offset is
not verified.

Fix this.

This is only exploitable when Flexible Data Placement mode (fdp=on) is
enabled.

Fixes: CVE-2023-4135
Fixes: 73064edfb8 ("hw/nvme: flexible data placement emulation")
Reported-by: Trend Micro's Zero Day Initiative
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-08-07 08:51:37 +02:00
..
ctrl.c hw/nvme: fix oob memory read in fdp events log 2023-08-07 08:51:37 +02:00
dif.c hw/nvme: add new command abort case 2022-06-03 21:48:24 +02:00
dif.h hw/nvme: 64-bit pi support 2022-03-03 09:30:21 +01:00
Kconfig
meson.build meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
ns.c hw/nvme: add placement handle list ranges 2023-06-28 11:22:46 +02:00
nvme.h hw/nvme: flexible data placement emulation 2023-03-06 15:28:02 +01:00
subsys.c hw/nvme: fix verification of number of ruhis 2023-06-28 11:22:17 +02:00
trace-events nvme: remove constant argument to tracepoint 2023-04-20 11:17:35 +02:00
trace.h