[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] d05dcd: net: vmxnet3: validate configuration
From: |
Richard Henderson |
Subject: |
[Qemu-commits] [qemu/qemu] d05dcd: net: vmxnet3: validate configuration values during... |
Date: |
Fri, 19 Nov 2021 02:01:31 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: d05dcd94aee88728facafb993c7280547eb4d645
https://github.com/qemu/qemu/commit/d05dcd94aee88728facafb993c7280547eb4d645
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: 2021-11-19 (Fri, 19 Nov 2021)
Changed paths:
M hw/net/vmxnet3.c
Log Message:
-----------
net: vmxnet3: validate configuration values during activate (CVE-2021-20203)
While activating device in vmxnet3_acticate_device(), it does not
validate guest supplied configuration values against predefined
minimum - maximum limits. This may lead to integer overflow or
OOB access issues. Add checks to avoid it.
Fixes: CVE-2021-20203
Buglink: https://bugs.launchpad.net/qemu/+bug/1913873
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Commit: fb5eca4a571e303aafac7130abd66adc184aae72
https://github.com/qemu/qemu/commit/fb5eca4a571e303aafac7130abd66adc184aae72
Author: Zhang Chen <chen.zhang@intel.com>
Date: 2021-11-19 (Fri, 19 Nov 2021)
Changed paths:
M net/colo-compare.c
Log Message:
-----------
net/colo-compare.c: Fix ACK track reverse issue
The TCP protocol ACK maybe bigger than uint32_t MAX.
At this time, the ACK will reverse to 0. This patch
fix the max_ack and min_ack track issue.
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Commit: 0656fbc7ddccdade1709742a9b56ae07dd3c280a
https://github.com/qemu/qemu/commit/0656fbc7ddccdade1709742a9b56ae07dd3c280a
Author: Zhang Chen <chen.zhang@intel.com>
Date: 2021-11-19 (Fri, 19 Nov 2021)
Changed paths:
M net/colo-compare.c
Log Message:
-----------
net/colo-compare.c: Fix incorrect return when input wrong size
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Commit: 3760a04c352f8d255b247211f6da07ac99f1630a
https://github.com/qemu/qemu/commit/3760a04c352f8d255b247211f6da07ac99f1630a
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2021-11-19 (Fri, 19 Nov 2021)
Changed paths:
M hw/net/vmxnet3.c
M net/colo-compare.c
Log Message:
-----------
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# gpg: Signature made Fri 19 Nov 2021 04:45:32 AM CET
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat)
<jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
net/colo-compare.c: Fix incorrect return when input wrong size
net/colo-compare.c: Fix ACK track reverse issue
net: vmxnet3: validate configuration values during activate (CVE-2021-20203)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Compare: https://github.com/qemu/qemu/compare/44a3aa0608f0...3760a04c352f