mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fcf5787c02
qemu/hw/block
History
Peter Maydell fcf5787c02 hw/block/onenand: Fix off-by-one error allowing out-of-bounds read 
An off-by-one error in a switch case in onenand_read() allowed
a misbehaving guest to read off the end of a block of memory.

NB: the onenand device is used only by the "n800" and "n810"
machines, which are usable only with TCG, not KVM, so this is
not a security issue.

Reported-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20181115143535.5885-2-peter.maydell@linaro.org
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-11-19 15:55:11 +00:00
..
dataplane Replace '-enable-kvm' with '-accel kvm' in docs and help texts 2018-06-28 19:05:32 +02:00
block.c block: Remove deprecated -drive option serial 2018-08-15 12:50:39 +02:00
cdrom.c block: Clean up includes 2016-01-20 13:36:23 +01:00
ecc.c block: Clean up includes 2016-01-20 13:36:23 +01:00
fdc.c fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled 2018-11-19 12:51:22 +01:00
hd-geometry.c Include less of the generated modular QAPI headers 2018-03-02 13:45:50 -06:00
m25p80.c hw/block: Use the IEC binary prefix definitions 2018-07-02 15:41:13 +02:00
Makefile.objs hw: make virtio devices configurable via default-configs/ 2018-06-01 15:14:31 +02:00
nand.c Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
nvme.c nvme: fix oob access issue(CVE-2018-16847) 2018-11-19 12:51:16 +01:00
nvme.h hw/block/nvme: Include "qemu/cutils.h" directly in the source file 2018-06-01 14:15:10 +02:00
onenand.c hw/block/onenand: Fix off-by-one error allowing out-of-bounds read 2018-11-19 15:55:11 +00:00
pflash_cfi01.c hw/block/pflash_cfi: Convert from DPRINTF() macro to trace events 2018-06-29 15:04:18 +01:00
pflash_cfi02.c hw/block/pflash_cfi: Convert from DPRINTF() macro to trace events 2018-06-29 15:04:18 +01:00
tc58128.c hw/block: Use the IEC binary prefix definitions 2018-07-02 15:41:13 +02:00
trace-events hw/block/pflash_cfi: Convert from DPRINTF() macro to trace events 2018-06-29 15:04:18 +01:00
vhost-user-blk.c vhost-user-blk: start vhost when guest kicks 2018-11-05 13:24:02 -05:00
virtio-blk.c virtio-blk: fix comment for virtio_blk_rw_complete 2018-11-05 13:24:02 -05:00
xen_blkif.h xen: import ring.h from xen 2017-04-21 12:41:29 -07:00
xen_disk.c hw/xen: Use the IEC binary prefix definitions 2018-07-02 15:41:13 +02:00