Google Git
Sign in
qemu / qemu / ecb1b7b082d3b7dceff0e486a114502fc52c0fdf
commitecb1b7b082d3b7dceff0e486a114502fc52c0fdf[log] [tgz]
authorKlaus Jensen <k.jensen@samsung.com>Thu Aug 03 20:44:23 2023 +0200
committerKlaus Jensen <k.jensen@samsung.com>Mon Aug 07 08:51:37 2023 +0200
tree0e5b330cfee52ea9e4ef8877931657cbd06c4c8a
parent9400601a689a128c25fa9c21e932562e0eeb7a26 [diff]
hw/nvme: fix oob memory read in fdp events log

As reported by Trend Micro's Zero Day Initiative, an oob memory read
vulnerability exists in nvme_fdp_events(). The host-provided offset is
not verified.

Fix this.

This is only exploitable when Flexible Data Placement mode (fdp=on) is
enabled.

Fixes: CVE-2023-4135
Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation")
Reported-by: Trend Micro's Zero Day Initiative
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
1 file changed
tree: 0e5b330cfee52ea9e4ef8877931657cbd06c4c8a
  1. .github/
  2. .gitlab/
  3. .gitlab-ci.d/
  4. accel/
  5. audio/
  6. authz/
  7. backends/
  8. block/
  9. bsd-user/
  10. chardev/
  11. common-user/
  12. configs/
  13. contrib/
  14. crypto/
  15. disas/
  16. docs/
  17. dump/
  18. ebpf/
  19. fpu/
  20. fsdev/
  21. gdb-xml/
  22. gdbstub/
  23. host/
  24. hw/
  25. include/
  26. io/
  27. libdecnumber/
  28. linux-headers/
  29. linux-user/
  30. migration/
  31. monitor/
  32. nbd/
  33. net/
  34. pc-bios/
  35. plugins/
  36. po/
  37. python/
  38. qapi/
  39. qga/
  40. qobject/
  41. qom/
  42. replay/
  43. roms/
  44. scripts/
  45. scsi/
  46. semihosting/
  47. softmmu/
  48. stats/
  49. storage-daemon/
  50. stubs/
  51. subprojects/
  52. target/
  53. tcg/
  54. tests/
  55. tools/
  56. trace/
  57. ui/
  58. util/
  59. .dir-locals.el
  60. .editorconfig
  61. .exrc
  62. .gdbinit
  63. .git-blame-ignore-revs
  64. .gitattributes
  65. .gitignore
  66. .gitlab-ci.yml
  67. .gitmodules
  68. .gitpublish
  69. .mailmap
  70. .patchew.yml
  71. .readthedocs.yml
  72. .travis.yml
  73. block.c
  74. blockdev-nbd.c
  75. blockdev.c
  76. blockjob.c
  77. configure
  78. COPYING
  79. COPYING.LIB
  80. cpu.c
  81. cpus-common.c
  82. event-loop-base.c
  83. gitdm.config
  84. hmp-commands-info.hx
  85. hmp-commands.hx
  86. iothread.c
  87. job-qmp.c
  88. job.c
  89. Kconfig
  90. Kconfig.host
  91. LICENSE
  92. MAINTAINERS
  93. Makefile
  94. memory_ldst.c.inc
  95. meson.build
  96. meson_options.txt
  97. module-common.c
  98. os-posix.c
  99. os-win32.c
  100. page-vary-common.c
  101. page-vary.c
  102. qemu-bridge-helper.c
  103. qemu-edid.c
  104. qemu-img-cmds.hx
  105. qemu-img.c
  106. qemu-io-cmds.c
  107. qemu-io.c
  108. qemu-keymap.c
  109. qemu-nbd.c
  110. qemu-options.hx
  111. qemu.nsi
  112. qemu.sasl
  113. README.rst
  114. replication.c
  115. trace-events
  116. VERSION
  117. version.rc