diff options
| author |   Armin Kuster <akuster@mvista.com> | 2021-08-23 21:27:41 -0700 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2021-08-24 04:53:19 -1000 |
| commit | eca0abf120709fab20da1a2c190d04191733f5ed (patch) | |
| tree | 96edc8e709dcbdc3426784f6403b007186530b89 /meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch | |
| parent | 1317053b23e1a4c1e5c7331a97f248e042415bea (diff) | |
| download | openembedded-core-eca0abf120709fab20da1a2c190d04191733f5ed.tar.gz | |
qemu: Security fix CVE-2021-3544
Source: qemu.org
MR: 111833
Type: Security Fix
Disposition: Backport from https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac..63736af5
ChangeID: 7f301e939cf9d1fdb826ac47d1fc96430086a68e
Description:
https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac
https://gitlab.com/qemu-project/qemu/-/commit/b9f79858
https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf
Tweeked the above patches as vhost-user-gpu.c does not exist.
https://gitlab.com/qemu-project/qemu/-/commit/f6091d86
https://gitlab.com/qemu-project/qemu/-/commit/63736af5
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch new file mode 100644 index 0000000000..36cbb127f8 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch @@ -0,0 +1,39 @@ +vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544) + + +Check whether the 'res' has already been attach_backing to avoid +memory leak. + +Fixes: CVE-2021-3544 +Reported-by: default avatarLi Qiang <liq3ea@163.com> +virtio-gpu fix: 204f01b3 + + ("virtio-gpu: fix memory leak + in resource attach backing") + Signed-off-by: default avatarLi Qiang <liq3ea@163.com> + Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com> + Message-Id: <20210516030403.107723-4-liq3ea@163.com> + Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +[vhost-user-gpu does not exist in 4.2.0 context] +CVE: CVE-2021-3544 +Signed-off-by: Armin Kuster <akuster@mvista.com> + + +Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/main.c +@@ -468,6 +468,11 @@ vg_resource_attach_backing(VuGpu *g, + return; + } + ++ if (res->iov) { ++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; ++ return; ++ } ++ + ret = vg_create_mapping_iov(g, &ab, cmd, &res->iov); + if (ret != 0) { + cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; |