qemu: Security fix CVE-2016-4439 - openembedded-core

diff options

author	Adrian Dudau <adrian.dudau@enea.com>	2016-11-03 14:18:00 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-05-18 13:13:34 +0100
commit	1bc071172236ea020cac9db96e33de81950a15ff (patch)
tree	a0931bab19520b1493cbf1e7bb2d09e760499e49 /meta-selftest
parent	d32af0298ddfa88478f485aaffe2d36c69e1d9d6 (diff)
download	openembedded-core-1bc071172236ea020cac9db96e33de81950a15ff.tar.gz

qemu: Security fix CVE-2016-4439

affects qemu < 2.7.0 Quick Emulator(Qemu) built with the ESP/NCR53C9x controller emulation support is vulnerable to an OOB write access issue. The controller uses 16-byte FIFO buffer for command and data transfer. The OOB write occurs while writing to this command buffer in routine get_cmd(). A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. References: ---------- http://www.openwall.com/lists/oss-security/2016/05/19/4 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4441 Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-selftest')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: