diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2017-09-21 08:34:37 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-09-22 17:15:30 +0100 |
commit | 4db9f488546fda5eb287a1337bd7213005aed864 (patch) | |
tree | 16571ee495f7b8457742754df12fc954e13c1429 /meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch | |
parent | bbe55428976d1f486bf232f654cc055b87e369e0 (diff) | |
download | poky-4db9f488546fda5eb287a1337bd7213005aed864.tar.gz |
qemu: Security fixes
Fix CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-14167
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13672
https://nvd.nist.gov/vuln/detail/CVE-2017-13673
https://nvd.nist.gov/vuln/detail/CVE-2017-13711
https://nvd.nist.gov/vuln/detail/CVE-2017-14167
Patches from:
CVE-2017-13672:
https://git.qemu.org/?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
CVE-2017-13673:
https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3
CVE-2017-13711:
https://git.qemu.org/?p=qemu.git;a=commit;h=1201d308519f1e915866d7583d5136d03cc1d384
CVE-2017-14167:
https://git.qemu.org/?p=qemu.git;a=commit;h=ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb
(From OE-Core rev: acc5036a6b74a76d719e6f7224a398f47df4a041)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch b/meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch new file mode 100644 index 0000000000..3d0695fd66 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From e65294157d4b69393b3f819c99f4f647452b48e3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Gerd Hoffmann <kraxel@redhat.com> | ||
3 | Date: Mon, 28 Aug 2017 14:33:07 +0200 | ||
4 | Subject: [PATCH] vga: fix display update region calculation (split screen) | ||
5 | |||
6 | vga display update mis-calculated the region for the dirty bitmap | ||
7 | snapshot in case split screen mode is used. This can trigger an | ||
8 | assert in cpu_physical_memory_snapshot_get_dirty(). | ||
9 | |||
10 | Impact: DoS for privileged guest users. | ||
11 | |||
12 | Fixes: CVE-2017-13673 | ||
13 | Fixes: fec5e8c92becad223df9d972770522f64aafdb72 | ||
14 | Cc: P J P <ppandit@redhat.com> | ||
15 | Reported-by: David Buchanan <d@vidbuchanan.co.uk> | ||
16 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
17 | Message-id: 20170828123307.15392-1-kraxel@redhat.com | ||
18 | |||
19 | Upstream-Status: Backport | ||
20 | [https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3] | ||
21 | |||
22 | CVE: CVE-2017-13673 | ||
23 | |||
24 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
25 | --- | ||
26 | hw/display/vga.c | 10 ++++++++-- | ||
27 | 1 file changed, 8 insertions(+), 2 deletions(-) | ||
28 | |||
29 | diff --git a/hw/display/vga.c b/hw/display/vga.c | ||
30 | index 3433102..ad7a465 100644 | ||
31 | --- a/hw/display/vga.c | ||
32 | +++ b/hw/display/vga.c | ||
33 | @@ -1628,9 +1628,15 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) | ||
34 | y1 = 0; | ||
35 | |||
36 | if (!full_update) { | ||
37 | + ram_addr_t region_start = addr1; | ||
38 | + ram_addr_t region_end = addr1 + line_offset * height; | ||
39 | vga_sync_dirty_bitmap(s); | ||
40 | - snap = memory_region_snapshot_and_clear_dirty(&s->vram, addr1, | ||
41 | - line_offset * height, | ||
42 | + if (s->line_compare < height) { | ||
43 | + /* split screen mode */ | ||
44 | + region_start = 0; | ||
45 | + } | ||
46 | + snap = memory_region_snapshot_and_clear_dirty(&s->vram, region_start, | ||
47 | + region_end - region_start, | ||
48 | DIRTY_MEMORY_VGA); | ||
49 | } | ||
50 | |||
51 | -- | ||
52 | 2.7.4 | ||
53 | |||