1 files changed, 0 insertions, 39 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
deleted file mode 100644
index 7de5882b3e..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
-out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
-function. A local attacker with permission to execute i2c commands could exploit
-this to read stack memory of the qemu process on the host.
-CVE: CVE-2019-3812
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 8 Jan 2019 11:23:01 +0100
-Subject: [PATCH] i2c-ddc: fix oob read
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Suggested-by: Michael Hanselmann <public@hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Michael Hanselmann <public@hansmi.ch>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190108102301.1957-1-kraxel@redhat.com
---
- hw/i2c/i2c-ddc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
-index be34fe072cf..0a0367ff38f 100644
--- a/hw/i2c/i2c-ddc.c
-+++ b/hw/i2c/i2c-ddc.c
-@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
-     I2CDDCState *s = I2CDDC(i2c);
- 
-     int value;
-    value = s->edid_blob[s->reg];
-+    value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
-     s->reg++;
-     return value;
- }

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch deleted file mode 100644 index 7de5882b3e..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch +++ /dev/null
@@ -1,39 +0,0 @@
1	QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
2	out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
3	function. A local attacker with permission to execute i2c commands could exploit
4	this to read stack memory of the qemu process on the host.
5
6	CVE: CVE-2019-3812
7	Upstream-Status: Backport
8	Signed-off-by: Ross Burton <ross.burton@intel.com>
9
10	From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
11	From: Gerd Hoffmann <kraxel@redhat.com>
12	Date: Tue, 8 Jan 2019 11:23:01 +0100
13	Subject: [PATCH] i2c-ddc: fix oob read
14	MIME-Version: 1.0
15	Content-Type: text/plain; charset=UTF-8
16	Content-Transfer-Encoding: 8bit
17
18	Suggested-by: Michael Hanselmann <public@hansmi.ch>
19	Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
20	Reviewed-by: Michael Hanselmann <public@hansmi.ch>
21	Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
22	Message-id: 20190108102301.1957-1-kraxel@redhat.com
23	---
24	hw/i2c/i2c-ddc.c \| 2 +-
25	1 file changed, 1 insertion(+), 1 deletion(-)
26
27	diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
28	index be34fe072cf..0a0367ff38f 100644
29	--- a/hw/i2c/i2c-ddc.c
30	+++ b/hw/i2c/i2c-ddc.c
31	@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
32	I2CDDCState *s = I2CDDC(i2c);
33
34	int value;
35	- value = s->edid_blob[s->reg];
36	+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
37	s->reg++;
38	return value;
39	}