1 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch
new file mode 100644
index 0000000000..ffce610f79
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch
@@ -0,0 +1,54 @@
+From 9157dd597d293ab7f599f4d96c3fe8a6e07c633d Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
+Date: Wed, 3 Jun 2020 19:59:16 +0200
+Subject: [PATCH] hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+Only SCSD cards support Class 6 (Block Oriented Write Protection)
+commands.
+  "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01"
+  4.3.14 Command Functional Difference in Card Capacity Types
+  * Write Protected Group
+  SDHC and SDXC do not support write-protected groups. Issuing
+  CMD28, CMD29 and CMD30 generates the ILLEGAL_COMMAND error.
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Philippe Mathieu-DaudÃ© <f4bug@amsat.org>
+Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+Message-Id: <20200630133912.9428-7-f4bug@amsat.org>
+Upstram-Status: Backport:
+https://git.qemu.org/?p=qemu.git;a=commit;h=9157dd597d293ab7f599f4d96c3fe8a6e07c633d
+CVE: CVE-2020-13253
+Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
+---
+ hw/sd/sd.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+diff --git a/hw/sd/sd.c b/hw/sd/sd.c
+index 5137168..1cc16bf 100644
+--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
+@@ -920,6 +920,11 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
+         sd->multi_blk_cnt = 0;
+     }
+ 
+    if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
+        /* Only Standard Capacity cards support class 6 commands */
+        return sd_illegal;
+    }
+
+     switch (req.cmd) {
+     /* Basic commands (Class 0 and Class 1) */
+     case 0:    /* CMD0:   GO_IDLE_STATE */
+-- 
+1.8.3.1

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch new file mode 100644 index 0000000000..ffce610f79 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch
@@ -0,0 +1,54 @@
	1	From 9157dd597d293ab7f599f4d96c3fe8a6e07c633d Mon Sep 17 00:00:00 2001
	2	From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
	3	Date: Wed, 3 Jun 2020 19:59:16 +0200
	4	Subject: [PATCH] hw/sd/sdcard: Restrict Class 6 commands to SCSD cards
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=utf8
	7	Content-Transfer-Encoding: 8bit
	8
	9	Only SCSD cards support Class 6 (Block Oriented Write Protection)
	10	commands.
	11
	12	"SD Specifications Part 1 Physical Layer Simplified Spec. v3.01"
	13
	14	4.3.14 Command Functional Difference in Card Capacity Types
	15
	16	* Write Protected Group
	17
	18	SDHC and SDXC do not support write-protected groups. Issuing
	19	CMD28, CMD29 and CMD30 generates the ILLEGAL_COMMAND error.
	20
	21	Cc: qemu-stable@nongnu.org
	22	Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
	23	Signed-off-by: Philippe Mathieu-DaudÃ© <f4bug@amsat.org>
	24	Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
	25	Message-Id: <20200630133912.9428-7-f4bug@amsat.org>
	26
	27	Upstram-Status: Backport:
	28	https://git.qemu.org/?p=qemu.git;a=commit;h=9157dd597d293ab7f599f4d96c3fe8a6e07c633d
	29
	30	CVE: CVE-2020-13253
	31
	32	Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
	33	---
	34	hw/sd/sd.c \| 5 +++++
	35	1 file changed, 5 insertions(+)
	36
	37	diff --git a/hw/sd/sd.c b/hw/sd/sd.c
	38	index 5137168..1cc16bf 100644
	39	--- a/hw/sd/sd.c
	40	+++ b/hw/sd/sd.c
	41	@@ -920,6 +920,11 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
	42	sd->multi_blk_cnt = 0;
	43	}
	44
	45	+ if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
	46	+ /* Only Standard Capacity cards support class 6 commands */
	47	+ return sd_illegal;
	48	+ }
	49	+
	50	switch (req.cmd) {
	51	/* Basic commands (Class 0 and Class 1) */
	52	case 0: /* CMD0: GO_IDLE_STATE */
	53	--
	54	1.8.3.1