diff options
| author |   Yi Zhao <yi.zhao@windriver.com> | 2017-09-21 08:34:37 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-09-22 17:14:44 +0100 |
| commit | acc5036a6b74a76d719e6f7224a398f47df4a041 (patch) | |
| tree | a67813a440c8aed54814e9c67138de5b04ccd324 /meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch | |
| parent | d303f61e28b0ecc2352739a07680bfdeb3544080 (diff) | |
| download | openembedded-core-contrib-acc5036a6b74a76d719e6f7224a398f47df4a041.tar.gz | |
qemu: Security fixes
Fix CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-14167
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13672
https://nvd.nist.gov/vuln/detail/CVE-2017-13673
https://nvd.nist.gov/vuln/detail/CVE-2017-13711
https://nvd.nist.gov/vuln/detail/CVE-2017-14167
Patches from:
CVE-2017-13672:
https://git.qemu.org/?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
CVE-2017-13673:
https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3
CVE-2017-13711:
https://git.qemu.org/?p=qemu.git;a=commit;h=1201d308519f1e915866d7583d5136d03cc1d384
CVE-2017-14167:
https://git.qemu.org/?p=qemu.git;a=commit;h=ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch b/meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch new file mode 100644 index 0000000000..3d0695fd66 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch @@ -0,0 +1,53 @@ +From e65294157d4b69393b3f819c99f4f647452b48e3 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Mon, 28 Aug 2017 14:33:07 +0200 +Subject: [PATCH] vga: fix display update region calculation (split screen) + +vga display update mis-calculated the region for the dirty bitmap +snapshot in case split screen mode is used. This can trigger an +assert in cpu_physical_memory_snapshot_get_dirty(). + +Impact: DoS for privileged guest users. + +Fixes: CVE-2017-13673 +Fixes: fec5e8c92becad223df9d972770522f64aafdb72 +Cc: P J P <ppandit@redhat.com> +Reported-by: David Buchanan <d@vidbuchanan.co.uk> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-id: 20170828123307.15392-1-kraxel@redhat.com + +Upstream-Status: Backport +[https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3] + +CVE: CVE-2017-13673 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + hw/display/vga.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/hw/display/vga.c b/hw/display/vga.c +index 3433102..ad7a465 100644 +--- a/hw/display/vga.c ++++ b/hw/display/vga.c +@@ -1628,9 +1628,15 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) + y1 = 0; + + if (!full_update) { ++ ram_addr_t region_start = addr1; ++ ram_addr_t region_end = addr1 + line_offset * height; + vga_sync_dirty_bitmap(s); +- snap = memory_region_snapshot_and_clear_dirty(&s->vram, addr1, +- line_offset * height, ++ if (s->line_compare < height) { ++ /* split screen mode */ ++ region_start = 0; ++ } ++ snap = memory_region_snapshot_and_clear_dirty(&s->vram, region_start, ++ region_end - region_start, + DIRTY_MEMORY_VGA); + } + +-- +2.7.4 + |