qemu: fix CVE-2023-3180 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Archana Polampalli <archana.polampalli@windriver.com>	2023-08-14 07:42:27 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-08-19 05:56:58 -1000
commit	0ffefc4b62d7f863885cecb6b1d7b54b42852255 (patch)
tree	0b5ce8857f3218999bb881d26d51c787f4870e62 /scripts/lib/devtool/package.py
parent	ef8a18fd3b9a766ddf541b38832f11db95aee014 (diff)
download	poky-0ffefc4b62d7f863885cecb6b1d7b54b42852255.tar.gz

qemu: fix CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. References: https://nvd.nist.gov/vuln/detail/CVE-2023-3180 Upstream patches: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f (From OE-Core rev: de421cab92c49ba0f068eae9d6b458a0368fcd03) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/package.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: