riscv-gnu-toolchain/qemu.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Prasad J Pandit <pjp@fedoraproject.org>	2016-05-23 16:18:05 +0530
committer	Paolo Bonzini <pbonzini@redhat.com>	2016-05-29 09:11:10 +0200
commit	3e831b40e015ba34dfb55ff11f767001839425ff (patch)
tree	fbaa5e3c5ffaacb7ac16319a71732abadcf4df36 /hw/scsi/mptsas.c
parent	60b412dd18362bd4ddc44ba7022aacb6af074b5d (diff)
download	qemu-3e831b40e015ba34dfb55ff11f767001839425ff.zip qemu-3e831b40e015ba34dfb55ff11f767001839425ff.tar.gz qemu-3e831b40e015ba34dfb55ff11f767001839425ff.tar.bz2

scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)

Vmware Paravirtual SCSI emulation uses command descriptors to process SCSI commands. These descriptors come with their ring buffers. A guest could set the ring buffer size to an arbitrary value leading to OOB access issue. Add check to avoid it. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Cc: qemu-stable@nongnu.org Message-Id: <1464000485-27041-1-git-send-email-ppandit@redhat.com> Reviewed-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'hw/scsi/mptsas.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: