net: vmxnet3: validate configuration values during activate (CVE-2021-20203) - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Prasad J Pandit	2021-01-30 14:16:52 +0100
committer	Jason Wang	2021-11-19 04:43:47 +0100
commit	d05dcd94aee88728facafb993c7280547eb4d645 (patch)
tree	cbf25f7888dd78e4e57050732219e5edb6716898 /net
parent	Merge tag 'sev-hashes-pull-request' of https://gitlab.com/berrange/qemu into ... (diff)
download	qemu-d05dcd94aee88728facafb993c7280547eb4d645.tar.gz qemu-d05dcd94aee88728facafb993c7280547eb4d645.tar.xz qemu-d05dcd94aee88728facafb993c7280547eb4d645.zip

net: vmxnet3: validate configuration values during activate (CVE-2021-20203)

While activating device in vmxnet3_acticate_device(), it does not validate guest supplied configuration values against predefined minimum - maximum limits. This may lead to integer overflow or OOB access issues. Add checks to avoid it. Fixes: CVE-2021-20203 Buglink: https://bugs.launchpad.net/qemu/+bug/1913873 Reported-by: Gaoning Pan <pgn@zju.edu.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>

Diffstat (limited to 'net')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: