summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2021-08-23 21:27:42 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-09-01 16:27:09 +0100
commit189108ac7441a2232829b519d9834aa3e7d2713a (patch)
tree0d76be302cf8c3560182b2f5e639eee9deacee0c /meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch
parent0d253da7204bbba3fbdf6fa479bbb723e122e2bd (diff)
downloadpoky-189108ac7441a2232829b519d9834aa3e7d2713a.tar.gz
qemu: Security fixes CVE-2021-3545/6
Source: qemu.org MR: 111845, 111839 Type: Security Fix Disposition: Backport from https://gitlab.com/qemu-project/qemu/-/commit/9f22893a & 121841b2 ChangeID: 111b168e0fe4d2a722158c6bfdaceb06a8789e69 Description: Fixes: CVE-2021-3545 and CVE-2021-3546 (From OE-Core rev: e066967a306292cd0ce5ef2cd5aa0ee80fde1041) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch')
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch
new file mode 100644
index 0000000000..fcdda64437
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch
@@ -0,0 +1,41 @@
1From 121841b25d72d13f8cad554363138c360f1250ea Mon Sep 17 00:00:00 2001
2From: Li Qiang <liq3ea@163.com>
3Date: Sat, 15 May 2021 20:03:56 -0700
4Subject: [PATCH] vhost-user-gpu: fix memory disclosure in
5 virgl_cmd_get_capset_info (CVE-2021-3545)
6MIME-Version: 1.0
7Content-Type: text/plain; charset=UTF-8
8Content-Transfer-Encoding: 8bit
9
10Otherwise some of the 'resp' will be leaked to guest.
11
12Fixes: CVE-2021-3545
13Reported-by: Li Qiang <liq3ea@163.com>
14virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak
15in getting capset info dispatch")
16
17Signed-off-by: Li Qiang <liq3ea@163.com>
18Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
19Message-Id: <20210516030403.107723-2-liq3ea@163.com>
20Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
21
22Upstream-Status: Backport
23CVE: CVE-2021-3545
24Signed-off-by: Armin Kuster <akuster@mvista.com>
25
26---
27 contrib/vhost-user-gpu/virgl.c | 1 +
28 1 file changed, 1 insertion(+)
29
30Index: qemu-4.2.0/contrib/vhost-user-gpu/virgl.c
31===================================================================
32--- qemu-4.2.0.orig/contrib/vhost-user-gpu/virgl.c
33+++ qemu-4.2.0/contrib/vhost-user-gpu/virgl.c
34@@ -132,6 +132,7 @@ virgl_cmd_get_capset_info(VuGpu *g,
35
36 VUGPU_FILL_CMD(info);
37
38+ memset(&resp, 0, sizeof(resp));
39 if (info.capset_index == 0) {
40 resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
41 virgl_renderer_get_cap_set(resp.capset_id,
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-09-26 10:02:54 +0000