diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2023-09-11 12:09:27 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-09-11 04:37:36 -1000 |
commit | 45ce9885351a2344737170e6e810dc67ab3e7ea9 (patch) | |
tree | 51e3cca7fa859093ceb8d31eb4f454c3541f2d05 /meta/recipes-devtools/qemu/qemu.inc | |
parent | edbc17315927a711aa9fae7c6cfba61cbf8ab5ad (diff) | |
download | openembedded-core-contrib-45ce9885351a2344737170e6e810dc67ab3e7ea9.tar.gz |
qemu: Backport fix for CVE-2023-0330
A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.
Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
Reference:
https://gitlab.com/qemu-project/qemu/-/issues/556
qemu.git$ git log --no-merges --oneline --grep CVE-2023-0330
b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
a2e1753b80 memory: prevent dma-reentracy issues
Included second commit as well as commit log of a2e1753b80 says it
resolves CVE-2023-0330
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu.inc')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 3789d77046..2669ba4ec8 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -137,7 +137,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3409-4.patch \ file://CVE-2021-3409-5.patch \ file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ - file://CVE-2023-0330.patch \ + file://CVE-2023-0330_1.patch \ + file://CVE-2023-0330_2.patch \ file://CVE-2023-3354.patch \ file://CVE-2023-3180.patch \ " |