diff options
author | Chee Yang Lee <chee.yang.lee@intel.com> | 2023-03-21 11:40:23 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-04-01 20:23:23 +0100 |
commit | 72707c04e10248640328dd39afe55ba08195965d (patch) | |
tree | 9d675807dc06d19e792546938aa2e5f929092490 /meta/recipes-devtools/qemu/qemu/CVE-2020-15859.patch | |
parent | f76c7b8e6366129a2550417ed6f091717d897a81 (diff) | |
download | poky-72707c04e10248640328dd39afe55ba08195965d.tar.gz |
qemu: fix multple CVEs
import patches from ubuntu to fix
CVE-2020-15469
CVE-2020-15859
CVE-2020-17380
CVE-2020-35504
CVE-2020-35505
CVE-2021-3409
CVE-2022-26354
https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/focal-security
Combine patches for both CVE-2020-25085 and CVE-2021-3409 also fix CVE-2020-17380.
so mark CVE-2020-17380 fixed by CVE-2021-3409 patches. CVE-2020-17380 patch backported since
oecore rev 6b4c58a31ec11e557d40c31f2532985dd53e61eb.
(From OE-Core rev: 3ee2e9027d57dd5ae9f8795436c1acd18a9f1e24)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2020-15859.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2020-15859.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-15859.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-15859.patch new file mode 100644 index 0000000000..0f43adeea8 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-15859.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | From 22dc8663d9fc7baa22100544c600b6285a63c7a3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jason Wang <jasowang@redhat.com> | ||
3 | Date: Wed, 22 Jul 2020 16:57:46 +0800 | ||
4 | Subject: [PATCH] net: forbid the reentrant RX | ||
5 | |||
6 | The memory API allows DMA into NIC's MMIO area. This means the NIC's | ||
7 | RX routine must be reentrant. Instead of auditing all the NIC, we can | ||
8 | simply detect the reentrancy and return early. The queue->delivering | ||
9 | is set and cleared by qemu_net_queue_deliver() for other queue helpers | ||
10 | to know whether the delivering in on going (NIC's receive is being | ||
11 | called). We can check it and return early in qemu_net_queue_flush() to | ||
12 | forbid reentrant RX. | ||
13 | |||
14 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
15 | |||
16 | CVE: CVE-2020-15859 | ||
17 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches/ubuntu/CVE-2020-15859.patch?h=ubuntu/focal-security Upstream commit https://github.com/qemu/qemu/commit/22dc8663d9fc7baa22100544c600b6285a63c7a3 ] | ||
18 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
19 | --- | ||
20 | net/queue.c | 3 +++ | ||
21 | 1 file changed, 3 insertions(+) | ||
22 | |||
23 | diff --git a/net/queue.c b/net/queue.c | ||
24 | index 0164727..19e32c8 100644 | ||
25 | --- a/net/queue.c | ||
26 | +++ b/net/queue.c | ||
27 | @@ -250,6 +250,9 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientState *from) | ||
28 | |||
29 | bool qemu_net_queue_flush(NetQueue *queue) | ||
30 | { | ||
31 | + if (queue->delivering) | ||
32 | + return false; | ||
33 | + | ||
34 | while (!QTAILQ_EMPTY(&queue->packets)) { | ||
35 | NetPacket *packet; | ||
36 | int ret; | ||
37 | -- | ||
38 | 1.8.3.1 | ||
39 | |||