diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2023-09-11 12:09:27 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-09-15 03:47:11 -1000 |
commit | 1b52dc06632a0a958bdfb30cf75cfa2dbbf426e8 (patch) | |
tree | c8d3e436702094f9aef7ec92970510e5ffe262ce /meta/recipes-devtools/qemu/qemu.inc | |
parent | b48424988af3fd3e82706e44d4831bf0e701f2be (diff) | |
download | poky-1b52dc06632a0a958bdfb30cf75cfa2dbbf426e8.tar.gz |
qemu: Backport fix for CVE-2023-0330
A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.
Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
Reference:
https://gitlab.com/qemu-project/qemu/-/issues/556
qemu.git$ git log --no-merges --oneline --grep CVE-2023-0330
b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
a2e1753b80 memory: prevent dma-reentracy issues
Included second commit as well as commit log of a2e1753b80 says it
resolves CVE-2023-0330
(From OE-Core rev: 45ce9885351a2344737170e6e810dc67ab3e7ea9)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu.inc')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 3789d77046..2669ba4ec8 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
@@ -137,7 +137,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
137 | file://CVE-2021-3409-4.patch \ | 137 | file://CVE-2021-3409-4.patch \ |
138 | file://CVE-2021-3409-5.patch \ | 138 | file://CVE-2021-3409-5.patch \ |
139 | file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ | 139 | file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ |
140 | file://CVE-2023-0330.patch \ | 140 | file://CVE-2023-0330_1.patch \ |
141 | file://CVE-2023-0330_2.patch \ | ||
141 | file://CVE-2023-3354.patch \ | 142 | file://CVE-2023-3354.patch \ |
142 | file://CVE-2023-3180.patch \ | 143 | file://CVE-2023-3180.patch \ |
143 | " | 144 | " |