diff options
| author | Vijay Anusuri <vanusuri@mvista.com> | 2023-12-29 09:27:41 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-01-05 03:25:39 -1000 |
| commit | bcf4caec9ee72496762602746e9244f07b883e7f (patch) | |
| tree | 2656ef97264a1a83779d4d09b3e723a4d2560b20 /meta/recipes-devtools/qemu/qemu.inc | |
| parent | a2bf2f28c4f2ae2ab19a963d801029abb7de5dc9 (diff) | |
| download | poky-bcf4caec9ee72496762602746e9244f07b883e7f.tar.gz | |
qemu: Fix CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise
addressed to an arbitrary disk offset to be targeted to
offset 0 instead (potentially overwriting the VM's boot code).
This change is to fix CVE-2023-5088.
Link: https://gitlab.com/qemu-project/qemu/-/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
(From OE-Core rev: df9e2d40c52b752940de61388997e485da56de0c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu.inc')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 9dd90e8789..4f856c749e 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
| @@ -141,6 +141,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
| 141 | file://CVE-2023-3354.patch \ | 141 | file://CVE-2023-3354.patch \ |
| 142 | file://CVE-2023-3180.patch \ | 142 | file://CVE-2023-3180.patch \ |
| 143 | file://CVE-2020-24165.patch \ | 143 | file://CVE-2020-24165.patch \ |
| 144 | file://CVE-2023-5088.patch \ | ||
| 144 | " | 145 | " |
| 145 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | 146 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |
| 146 | 147 | ||