qemu: Fix CVE-2023-3180 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2023-10-04 11:05:58 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-10-11 03:54:46 -1000
commit	ae2c4f104b4c5ed5d6e7fc138e34b75c44eb9d96 (patch)
tree	49aefc111eadbe03091d0a77d523bedf0c09289c /scripts/lib/buildstats.py
parent	c71b397ea0e5853f4c6de9656af63afc89eead14 (diff)
download	poky-ae2c4f104b4c5ed5d6e7fc138e34b75c44eb9d96.tar.gz

qemu: Fix CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. References: https://nvd.nist.gov/vuln/detail/CVE-2023-3180 (From OE-Core rev: 2038b5e977481cac2e9e35101a467fbd5268231e) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/buildstats.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: