diff options
| author |   Armin Kuster <akuster@mvista.com> | 2019-06-06 17:19:30 -0700 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2019-06-25 07:26:36 -0700 |
| commit | 6045c57895cad301c5e3a94de740427343a08065 (patch) | |
| tree | 7dbfe2343d4d63945af8b00c197931f52476992c | |
| parent | 9d5a7dd654a17b67f5cd8a73145e5f5299bfebcc (diff) | |
| download | openembedded-core-contrib-6045c57895cad301c5e3a94de740427343a08065.tar.gz | |
qemu: Security fix for CVE-2019-12155
Source: qemu.org
MR: 98382
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3
Description:
Fixes CVE-2019-12155
Affects: <= 4.0.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch | 38 | ||||
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu_3.0.0.bb | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch new file mode 100644 index 0000000000..8a5ece51f6 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch @@ -0,0 +1,38 @@ +From d52680fc932efb8a2f334cc6993e705ed1e31e99 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Thu, 25 Apr 2019 12:05:34 +0530 +Subject: [PATCH] qxl: check release info object + +When releasing spice resources in release_resource() routine, +if release info object 'ext.info' is null, it leads to null +pointer dereference. Add check to avoid it. + +Reported-by: Bugs SysSec <bugs-syssec@rub.de> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-id: 20190425063534.32747-1-ppandit@redhat.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99 + +CVE: CVE-2019-12155 +Affects: <= 4.0.0 +Signed-off-by: Armin Kuster <akuster@mvistra.com> +--- + hw/display/qxl.c | 3 +++ + 1 file changed, 3 insertions(+) + +Index: qemu-3.0.0/hw/display/qxl.c +=================================================================== +--- qemu-3.0.0.orig/hw/display/qxl.c ++++ qemu-3.0.0/hw/display/qxl.c +@@ -764,6 +764,9 @@ static void interface_release_resource(Q + QXLReleaseRing *ring; + uint64_t *item, id; + ++ if (!ext.info) { ++ return; ++ } + if (ext.group_id == MEMSLOT_GROUP_HOST) { + /* host group -> vga mode update request */ + QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id); diff --git a/meta/recipes-devtools/qemu/qemu_3.0.0.bb b/meta/recipes-devtools/qemu/qemu_3.0.0.bb index 992cf7b1a8..63a6468acd 100644 --- a/meta/recipes-devtools/qemu/qemu_3.0.0.bb +++ b/meta/recipes-devtools/qemu/qemu_3.0.0.bb @@ -31,6 +31,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2018-19364_p1.patch \ file://CVE-2018-19364_p2.patch \ file://CVE-2018-19489.patch \ + file://CVE-2019-12155.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |