Google Git
Sign in
android / platform / external / qemu-android / 3a1d5bcfef75950af05ccf969f44738fadc6a60f
commit3a1d5bcfef75950af05ccf969f44738fadc6a60f[log] [tgz]
authorPetr Matousek <pmatouse@redhat.com>Wed May 06 09:48:59 2015 +0200
committerDavid 'Digit' Turner <digit@google.com>Mon May 18 09:19:58 2015 +0200
treeed034dee07dc0041d43b41a2badce1ccc61fd815
parentbdc770594c8ca4a944fb79a2e6fdf2681890a38d [diff]
Fix VENOM vulnerability for Intel-based systems.

This is a back-port of the upstream fix to the VENOM security
vulnerability, that affects the floppy disk virtual device
implementation.

Upstream origin:
    http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c

Upstream commit message:
	fdc: force the fifo access to be in bounds of the allocated buffer

	During processing of certain commands such as FD_CMD_READ_ID and
	FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
	get out of bounds leading to memory corruption with values coming
	from the guest.

	Fix this by making sure that the index is always bounded by the
	allocated memory.

	This is CVE-2015-3456.

	Signed-off-by: Petr Matousek <pmatouse@redhat.com>
	Reviewed-by: John Snow <jsnow@redhat.com>
	Signed-off-by: John Snow <jsnow@redhat.com>

BUG=21251683

Change-Id: I46c0908fa6ece61f84879a7cf8e60fa45548f7d0
1 file changed
tree: ed034dee07dc0041d43b41a2badce1ccc61fd815
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. libcacard/
  14. libdecnumber/
  15. linux-headers/
  16. linux-user/
  17. net/
  18. pc-bios/
  19. po/
  20. qapi/
  21. qga/
  22. qobject/
  23. qom/
  24. roms/
  25. scripts/
  26. slirp/
  27. stubs/
  28. sysconfigs/
  29. target-alpha/
  30. target-arm/
  31. target-cris/
  32. target-i386/
  33. target-lm32/
  34. target-m68k/
  35. target-microblaze/
  36. target-mips/
  37. target-moxie/
  38. target-openrisc/
  39. target-ppc/
  40. target-s390x/
  41. target-sh4/
  42. target-sparc/
  43. target-tricore/
  44. target-unicore32/
  45. target-xtensa/
  46. tcg/
  47. tests/
  48. trace/
  49. ui/
  50. util/
  51. dtc
  52. pixman
  53. .exrc
  54. .gitignore
  55. .gitmodules
  56. .mailmap
  57. .travis.yml
  58. accel.c
  59. aio-posix.c
  60. aio-win32.c
  61. android-commands.h
  62. android-console.c
  63. android-console.h
  64. arch_init.c
  65. async.c
  66. balloon.c
  67. block-migration.c
  68. block.c
  69. blockdev-nbd.c
  70. blockdev.c
  71. blockjob.c
  72. bootdevice.c
  73. bt-host.c
  74. bt-vhci.c
  75. Changelog
  76. CODING_STYLE
  77. configure
  78. COPYING
  79. COPYING.LIB
  80. coroutine-gthread.c
  81. coroutine-sigaltstack.c
  82. coroutine-ucontext.c
  83. coroutine-win32.c
  84. cpu-exec.c
  85. cpus.c
  86. cputlb.c
  87. device-hotplug.c
  88. device_tree.c
  89. disas.c
  90. dma-helpers.c
  91. dump.c
  92. exec.c
  93. gdbstub.c
  94. HACKING
  95. hmp-commands.hx
  96. hmp.c
  97. hmp.h
  98. iohandler.c
  99. ioport.c
  100. iothread.c
  101. kvm-all.c
  102. kvm-stub.c
  103. LICENSE
  104. main-loop.c
  105. MAINTAINERS
  106. Makefile
  107. Makefile.objs
  108. Makefile.target
  109. memory.c
  110. memory_mapping.c
  111. migration-exec.c
  112. migration-fd.c
  113. migration-rdma.c
  114. migration-tcp.c
  115. migration-unix.c
  116. migration.c
  117. module-common.c
  118. monitor.c
  119. nbd.c
  120. numa.c
  121. os-posix.c
  122. os-win32.c
  123. page_cache.c
  124. qapi-schema.json
  125. qdev-monitor.c
  126. qdict-test-data.txt
  127. qemu-bridge-helper.c
  128. qemu-char.c
  129. qemu-coroutine-io.c
  130. qemu-coroutine-lock.c
  131. qemu-coroutine-sleep.c
  132. qemu-coroutine.c
  133. qemu-doc.texi
  134. qemu-file-stdio.c
  135. qemu-file-unix.c
  136. qemu-file.c
  137. qemu-img-cmds.hx
  138. qemu-img.c
  139. qemu-img.texi
  140. qemu-io-cmds.c
  141. qemu-io.c
  142. qemu-log.c
  143. qemu-nbd.c
  144. qemu-nbd.texi
  145. qemu-options-wrapper.h
  146. qemu-options.h
  147. qemu-options.hx
  148. qemu-seccomp.c
  149. qemu-tech.texi
  150. qemu-timer.c
  151. qemu.nsi
  152. qemu.sasl
  153. qmp-commands.hx
  154. qmp.c
  155. qtest.c
  156. README
  157. rules.mak
  158. savevm.c
  159. softmmu_template.h
  160. spice-qemu-char.c
  161. tcg-runtime.c
  162. tci.c
  163. thread-pool.c
  164. thunk.c
  165. tpm.c
  166. trace-events
  167. translate-all.c
  168. translate-all.h
  169. user-exec.c
  170. VERSION
  171. version.rc
  172. vl.c
  173. vmstate.c
  174. xbzrle.c
  175. xen-common-stub.c
  176. xen-common.c
  177. xen-hvm-stub.c
  178. xen-hvm.c
  179. xen-mapcache.c