Re: [PATCH v2 for-7.1] hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 for-7.1] hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_

From:	Gerd Hoffmann
Subject:	Re: [PATCH v2 for-7.1] hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
Date:	Tue, 16 Aug 2022 11:02:52 +0200

> +
> +        /*
> +         * According to the xHCI spec, Transfer Ring segments should have
> +         * a maximum size of 64 kB (see chapter "6 Data Structures")
> +         */
> +    } while (length < TRB_LINK_LIMIT * 65536 / TRB_SIZE);

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 for-7.1] hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394), Thomas Huth, 2022/08/04
- Re: [PATCH v2 for-7.1] hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394), Mauro Matteo Cascella, 2022/08/05
- Re: [PATCH v2 for-7.1] hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394), Gerd Hoffmann <=

Prev by Date: Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory
Next by Date: [PATCH v2] xio3130_upstream: Add ACS (Access Control Services) capability
Previous by thread: Re: [PATCH v2 for-7.1] hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
Next by thread: [PATCH] pc: add property for Linux setup_data seed
Index(es):
- Date
- Thread