1 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch
new file mode 100644
index 0000000000..1b4fcbfb60
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch
@@ -0,0 +1,29 @@
+vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)
+Call 'vugbm_buffer_destroy' in error path to avoid resource leak.
+Fixes: CVE-2021-3544
+Reported-by: default avatarLi Qiang <liq3ea@163.com>
+Reviewed-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: default avatarLi Qiang <liq3ea@163.com>
+Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com>
+Message-Id: <20210516030403.107723-3-liq3ea@163.com>
+Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com>
+Upstream-Status: Backport
+[vhost-user-gpu does not exist in 4.2.0]
+CVE: CVE-2021-3544
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c
+===================================================================
+--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c
+++ qemu-4.2.0/contrib/vhost-user-gpu/main.c
+@@ -328,6 +328,7 @@ vg_resource_create_2d(VuGpu *g,
+         g_critical("%s: resource creation failed %d %d %d",
+                    __func__, c2d.resource_id, c2d.width, c2d.height);
+         g_free(res);
+        vugbm_buffer_destroy(&res->buffer);
+         cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
+         return;
+     }

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch new file mode 100644 index 0000000000..1b4fcbfb60 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch
@@ -0,0 +1,29 @@
	1	vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)
	2
	3	Call 'vugbm_buffer_destroy' in error path to avoid resource leak.
	4
	5	Fixes: CVE-2021-3544
	6	Reported-by: default avatarLi Qiang <liq3ea@163.com>
	7	Reviewed-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
	8	Signed-off-by: default avatarLi Qiang <liq3ea@163.com>
	9	Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com>
	10	Message-Id: <20210516030403.107723-3-liq3ea@163.com>
	11	Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com>
	12
	13	Upstream-Status: Backport
	14	[vhost-user-gpu does not exist in 4.2.0]
	15	CVE: CVE-2021-3544
	16	Signed-off-by: Armin Kuster <akuster@mvista.com>
	17
	18	Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c
	19	===================================================================
	20	--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c
	21	+++ qemu-4.2.0/contrib/vhost-user-gpu/main.c
	22	@@ -328,6 +328,7 @@ vg_resource_create_2d(VuGpu *g,
	23	g_critical("%s: resource creation failed %d %d %d",
	24	__func__, c2d.resource_id, c2d.width, c2d.height);
	25	g_free(res);
	26	+ vugbm_buffer_destroy(&res->buffer);
	27	cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
	28	return;
	29	}