diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch deleted file mode 100644 index 7de5882b3e..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch +++ /dev/null @@ -1,39 +0,0 @@ -QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an -out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() -function. A local attacker with permission to execute i2c commands could exploit -this to read stack memory of the qemu process on the host. - -CVE: CVE-2019-3812 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kraxel@redhat.com> -Date: Tue, 8 Jan 2019 11:23:01 +0100 -Subject: [PATCH] i2c-ddc: fix oob read -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Suggested-by: Michael Hanselmann <public@hansmi.ch> -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> -Reviewed-by: Michael Hanselmann <public@hansmi.ch> -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Message-id: 20190108102301.1957-1-kraxel@redhat.com ---- - hw/i2c/i2c-ddc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c -index be34fe072cf..0a0367ff38f 100644 ---- a/hw/i2c/i2c-ddc.c -+++ b/hw/i2c/i2c-ddc.c -@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c) - I2CDDCState *s = I2CDDC(i2c); - - int value; -- value = s->edid_blob[s->reg]; -+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)]; - s->reg++; - return value; - } |