ahci: fix buffer overrun on invalid state load - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Michael S. Tsirkin	2014-04-03 18:51:18 +0200
committer	Juan Quintela	2014-05-05 22:15:02 +0200
commit	ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5 (patch)
tree	a18a6b4d8f9757771f9c8ad043750b4b20dd6e4a /linux-headers
parent	virtio: out-of-bounds buffer write on invalid state load (diff)
download	qemu-ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5.tar.gz qemu-ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5.tar.xz qemu-ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5.zip

ahci: fix buffer overrun on invalid state load

CVE-2013-4526 Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So we use the old version of ports to read the array but then allow any value for ports. This can cause the code to overflow. There's no reason to migrate ports - it never changes. So just make sure it matches. Reported-by: Anthony Liguori <anthony@codemonkey.ws> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Juan Quintela <quintela@redhat.com>

Diffstat (limited to 'linux-headers')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: