nvme: fix oob access issue(CVE-2018-16847) - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Li Qiang	2018-11-02 02:22:43 +0100
committer	Kevin Wolf	2018-11-19 12:51:16 +0100
commit	5e3c0220d7e4f0361c4d36c697a8842f2b583402 (patch)
tree	0b640cc5db681adc5ee152ac0d35b1054573da63 /include/exec
parent	MAINTAINERS: clarify some of the tags (diff)
download	qemu-5e3c0220d7e4f0361c4d36c697a8842f2b583402.tar.gz qemu-5e3c0220d7e4f0361c4d36c697a8842f2b583402.tar.xz qemu-5e3c0220d7e4f0361c4d36c697a8842f2b583402.zip

nvme: fix oob access issue(CVE-2018-16847)

Currently, the nvme_cmb_ops mr doesn't check the addr and size. This can lead an oob access issue. This is triggerable in the guest. Add check to avoid this issue. Fixes CVE-2018-16847. Reported-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Li Qiang <liq3ea@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Diffstat (limited to 'include/exec')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: