From ba7ac22f2ed783fd4b304c4e3ca0d1203475a81f Mon Sep 17 00:00:00 2001
From: Yogita Urade <yogita.urade@windriver.com>
Date: Thu, 5 Oct 2023 11:12:52 +0000
Subject: qemu: fix CVE-2023-42467

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset
in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not
prevent s->qdev.blocksize from being 256. This stops QEMU and the guest
immediately.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-42467
https://gitlab.com/qemu-project/qemu/-/issues/1813

(From OE-Core rev: 7c42b976d7a72acf917bae9d055768a1350e507d)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-devtools/qemu/qemu.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-devtools/qemu/qemu.inc')

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 9664b747b3..b331f87c0d 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -35,6 +35,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://fixmips.patch \
            file://qemu-guest-agent.init \
            file://qemu-guest-agent.udev \
+	   file://CVE-2023-42467.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
-- 
cgit v1.2.3-54-g00ecf