Google Git
Sign in
qemu / qemu / 5e3c0220d7e4f0361c4d36c697a8842f2b583402
commit5e3c0220d7e4f0361c4d36c697a8842f2b583402[log] [tgz]
authorLi Qiang <liq3ea@gmail.com>Thu Nov 01 18:22:43 2018 -0700
committerKevin Wolf <kwolf@redhat.com>Mon Nov 19 12:51:16 2018 +0100
tree0b640cc5db681adc5ee152ac0d35b1054573da63
parent9436e082de18b2fb2ceed2e9d1beef641ae64f23 [diff]
nvme: fix oob access issue(CVE-2018-16847)

Currently, the nvme_cmb_ops mr doesn't check the addr and size.
This can lead an oob access issue. This is triggerable in the guest.
Add check to avoid this issue.

Fixes CVE-2018-16847.

Reported-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
1 file changed
tree: 0b640cc5db681adc5ee152ac0d35b1054573da63
  1. accel/
  2. audio/
  3. backends/
  4. block/
  5. bsd-user/
  6. chardev/
  7. contrib/
  8. crypto/
  9. default-configs/
  10. disas/
  11. docs/
  12. fpu/
  13. fsdev/
  14. gdb-xml/
  15. hw/
  16. include/
  17. io/
  18. libdecnumber/
  19. linux-headers/
  20. linux-user/
  21. migration/
  22. nbd/
  23. net/
  24. pc-bios/
  25. po/
  26. qapi/
  27. qga/
  28. qobject/
  29. qom/
  30. replay/
  31. roms/
  32. scripts/
  33. scsi/
  34. slirp/
  35. stubs/
  36. target/
  37. tcg/
  38. tests/
  39. trace/
  40. ui/
  41. util/
  42. capstone
  43. dtc
  44. .dir-locals.el
  45. .editorconfig
  46. .exrc
  47. .gdbinit
  48. .gitignore
  49. .gitmodules
  50. .gitpublish
  51. .mailmap
  52. .shippable.yml
  53. .travis.yml
  54. arch_init.c
  55. balloon.c
  56. block.c
  57. blockdev-nbd.c
  58. blockdev.c
  59. blockjob.c
  60. bootdevice.c
  61. bt-host.c
  62. bt-vhci.c
  63. Changelog
  64. CODING_STYLE
  65. configure
  66. COPYING
  67. COPYING.LIB
  68. cpus-common.c
  69. cpus.c
  70. device-hotplug.c
  71. device_tree.c
  72. disas.c
  73. dma-helpers.c
  74. dump.c
  75. exec.c
  76. gdbstub.c
  77. HACKING
  78. hmp-commands-info.hx
  79. hmp-commands.hx
  80. hmp.c
  81. hmp.h
  82. ioport.c
  83. iothread.c
  84. job-qmp.c
  85. job.c
  86. LICENSE
  87. MAINTAINERS
  88. Makefile
  89. Makefile.objs
  90. Makefile.target
  91. memory.c
  92. memory_ldst.inc.c
  93. memory_mapping.c
  94. module-common.c
  95. monitor.c
  96. numa.c
  97. os-posix.c
  98. os-win32.c
  99. qdev-monitor.c
  100. qdict-test-data.txt
  101. qemu-bridge-helper.c
  102. qemu-deprecated.texi
  103. qemu-doc.texi
  104. qemu-edid.c
  105. qemu-ga.texi
  106. qemu-img-cmds.hx
  107. qemu-img.c
  108. qemu-img.texi
  109. qemu-io-cmds.c
  110. qemu-io.c
  111. qemu-keymap.c
  112. qemu-nbd.c
  113. qemu-nbd.texi
  114. qemu-option-trace.texi
  115. qemu-options-wrapper.h
  116. qemu-options.h
  117. qemu-options.hx
  118. qemu-seccomp.c
  119. qemu-tech.texi
  120. qemu.nsi
  121. qemu.sasl
  122. qmp.c
  123. qtest.c
  124. README
  125. replication.c
  126. replication.h
  127. rules.mak
  128. thunk.c
  129. tpm.c
  130. trace-events
  131. VERSION
  132. version.rc
  133. vl.c
  134. win_dump.c
  135. win_dump.h