diff options
author | Adrian Dudau <adrian.dudau@enea.com> | 2016-11-03 14:18:01 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-05-18 13:14:20 +0100 |
commit | 047e58b4ba57baf68d07d99a9a0eb3d7d1cab784 (patch) | |
tree | dbe437a97cf0957d9aef739eb40f4e4014059e2e /meta/recipes-devtools/qemu/qemu-targets.inc | |
parent | 485e244db8cc7d2c421e60a1ad3a2415a30852ee (diff) | |
download | poky-047e58b4ba57baf68d07d99a9a0eb3d7d1cab784.tar.gz |
qemu: Security fix CVE-2016-4952
affects qemu < 2.7.0
Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus
emulation support is vulnerable to an OOB r/w access issue. It could
occur while processing SCSI commands 'PVSCSI_CMD_SETUP_RINGS' or
'PVSCSI_CMD_SETUP_MSG_RING'.
A privileged user inside guest could use this flaw to crash the Qemu
process resulting in DoS.
References:
----------
http://www.openwall.com/lists/oss-security/2016/05/23/1
(From OE-Core rev: 3d6b4fd6bc4338b139ebcaf51b67c56cc97ba2ed)
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu-targets.inc')
0 files changed, 0 insertions, 0 deletions