Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch | 54 |
1 files changed, 54 insertions, 0 deletions
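--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch
@@ -0,0 +1,54 @@
+From 9157dd597d293ab7f599f4d96c3fe8a6e07c633d Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
+Date: Wed, 3 Jun 2020 19:59:16 +0200
+Subject: [PATCH] hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Only SCSD cards support Class 6 (Block Oriented Write Protection)
+commands.
+
+"SD Specifications Part 1 Physical Layer Simplified Spec. v3.01"
+
+4.3.14 Command Functional Difference in Card Capacity Types
+
+* Write Protected Group
+
+SDHC and SDXC do not support write-protected groups. Issuing
+CMD28, CMD29 and CMD30 generates the ILLEGAL_COMMAND error.
+
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+Message-Id: <20200630133912.9428-7-f4bug@amsat.org>
+
+Upstram-Status: Backport:
+https://git.qemu.org/?p=qemu.git;a=commit;h=9157dd597d293ab7f599f4d96c3fe8a6e07c633d
+
+CVE: CVE-2020-13253
+
+Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
+---
+hw/sd/sd.c | 5 +++++
+1 file changed, 5 insertions(+)
+
+diff --git a/hw/sd/sd.c b/hw/sd/sd.c
+index 5137168..1cc16bf 100644
+--- a/hw/sd/sd.c
++++ b/hw/sd/sd.c
+@@ -920,6 +920,11 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
+sd->multi_blk_cnt = 0;
+}
+
++ if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
++ /* Only Standard Capacity cards support class 6 commands */
++ return sd_illegal;
++ }
++
+switch (req.cmd) {
+/* Basic commands (Class 0 and Class 1) */
+case 0: /* CMD0: GO_IDLE_STATE */
+--
+1.8.3.1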
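Review bot: The `Upstram-Status` tag in the patch header (line 27 of the new file) is misspelled and its URL sits on a separate line, so tooling that looks for the Upstream-Status tag in recipe patches is unlikely to recognise this backport. It should read `Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=9157dd597d293ab7f599f4d96c3fe8a6e07c633d]`. Separately, the added guard in sd_normal_command indexes `sd_cmd_class` with the command number in `req.cmd`, and the hunk shows no range check ahead of it. It is worth confirming that the QEMU version this recipe patches bounds `req.cmd` before this function is reached. The body of sd_normal_command starts and ends outside the hunk.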