riscv-gnu-toolchain/qemu.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Klaus Jensen <k.jensen@samsung.com>	2023-08-03 20:44:23 +0200
committer	Klaus Jensen <k.jensen@samsung.com>	2023-08-07 08:51:37 +0200
commit	ecb1b7b082d3b7dceff0e486a114502fc52c0fdf (patch)
tree	0e5b330cfee52ea9e4ef8877931657cbd06c4c8a /tests/qapi-schema/args-array-empty.out
parent	9400601a689a128c25fa9c21e932562e0eeb7a26 (diff)
download	qemu-ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.zip qemu-ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.tar.gz qemu-ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.tar.bz2

hw/nvme: fix oob memory read in fdp events log

As reported by Trend Micro's Zero Day Initiative, an oob memory read vulnerability exists in nvme_fdp_events(). The host-provided offset is not verified. Fix this. This is only exploitable when Flexible Data Placement mode (fdp=on) is enabled. Fixes: CVE-2023-4135 Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reported-by: Trend Micro's Zero Day Initiative Signed-off-by: Klaus Jensen <k.jensen@samsung.com>

Diffstat (limited to 'tests/qapi-schema/args-array-empty.out')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: