Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.14 2023-10-25T14:45:50+00:00 2023-10-25T14:45:50+00:00 Lee Chee Yang chee.yang.lee@intel.com 2023-10-19T05:48:40+00:00 urn:sha1:7725c28871d1d8624e5f7f5c0536d2a2f0d68a02 (From OE-Core rev: a1256b8fa415002eee78427cc292b866570ee267) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-09-18T14:28:03+00:00 Yogita Urade yogita.urade@windriver.com 2023-09-07T08:50:16+00:00 urn:sha1:062cbf2be7c55a938caf0a3595a7bb99c0d6f2db QEMU: ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-3638 https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html (From OE-Core rev: ebbdbb68a7804accd5430dd05f7899599ddbacd8) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-08-19T15:56:58+00:00 Archana Polampalli archana.polampalli@windriver.com 2023-08-14T07:42:27+00:00 urn:sha1:0ffefc4b62d7f863885cecb6b1d7b54b42852255 A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. References: https://nvd.nist.gov/vuln/detail/CVE-2023-3180 Upstream patches: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f (From OE-Core rev: de421cab92c49ba0f068eae9d6b458a0368fcd03) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-08-19T15:56:58+00:00 Vivek Kumbhar vkumbhar@mvista.com 2023-08-10T09:41:02+00:00 urn:sha1:ab548842efd4d4e238880a88ac9de5ddb7d27798 (From OE-Core rev: 42859fe600e5dddba3c51fa8d1e680721b73e5dc) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-08-19T15:56:58+00:00 Yogita Urade yogita.urade@windriver.com 2023-08-09T06:47:59+00:00 urn:sha1:4869a1f60e31a31d1d5296e93a3f76af4c06f28b QEMU: infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c Reference: https://gitlab.com/qemu-project/qemu/-/issues/646 (From OE-Core rev: 057f4f77ac2e83f99c916dceb4cbbcc8de448ad4) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-08-07T14:40:43+00:00 Archana Polampalli archana.polampalli@windriver.com 2023-08-01T04:20:03+00:00 urn:sha1:ae7992e3b7b688e1e06b20c92aaa60af01f6bbbb 9pfs: prevent opening special files References: https://nvd.nist.gov/vuln/detail/CVE-2023-2861 Upstream patches: https://github.com/qemu/qemu/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5 (From OE-Core rev: 9bd4ddeb4b5efc65b0514d50d6991211271924c1) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-08-07T14:40:43+00:00 Archana Polampalli archana.polampalli@windriver.com 2023-08-01T04:18:44+00:00 urn:sha1:76f6267368fa6e3475b5ee94f00c188624ae5236 VNC: infinite loop in inflate_buffer() leads to denial of service References: https://nvd.nist.gov/vuln/detail/CVE-2023-3255 Upstream patches: https://gitlab.com/qemu-project/qemu/-/commit/d921fea338c1059a27ce7b75309d7a2e485f710b (From OE-Core rev: 52711b1392ed0c5cbe4ddf70a94b21be2f4e6e58) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-08-07T14:40:43+00:00 Archana Polampalli archana.polampalli@windriver.com 2023-08-01T04:17:46+00:00 urn:sha1:2587c36e870ed0b4363e59444bad160b46e8959b qemu: hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest References: https://nvd.nist.gov/vuln/detail/CVE-2023-3301 Upstream patches: https://gitlab.com/qemu-project/qemu/-/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8 (From OE-Core rev: f549ff6db018f66a80fc65987675e8bb6afcd002) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-07-26T15:20:36+00:00 Vijay Anusuri vanusuri@mvista.com 2023-07-18T06:01:04+00:00 urn:sha1:81874924a71fb6061ae1eb27186bab8f74dea60c import patch from ubuntu to fix CVE-2023-0330 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://gitlab.com/qemu-project/qemu/-/commit/b987718bbb1d0eabf95499b976212dd5f0120d75] (From OE-Core rev: aae5bf06ad3c67386544f9da55aa21fbf32c3418) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2023-05-03T14:17:12+00:00 Virendra Thakur virendrak@kpit.com 2023-04-27T09:09:23+00:00 urn:sha1:f821e134f8429e2b307928ac524e7f7a355a1956 This CVE is related to Windows. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664 (From OE-Core rev: c812189760292ae39f7c10cfbde8f11130cce085) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>