]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4787501) | patch
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
authorMarcel Apfelbaum <marcel@redhat.com>
Wed, 16 Jun 2021 11:06:00 +0000 (14:06 +0300)
committerMichael Roth <michael.roth@amd.com>
Mon, 18 Oct 2021 01:27:12 +0000 (20:27 -0500)
commitd25db58213557663140afb57bf3416b93a93a3e6
treebe782aaa29d22d765277d0935f7330272c95dbb2tree
parent4787501893f8b18e84f4d72ccbea4854ad9f5c9bcommit | diff
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)

Ensure mremap boundaries not trusting the guest kernel to
pass the correct buffer length.

Fixes: CVE-2021-3582
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
(cherry picked from commit 284f191b4abad213aed04cb0458e1600fd18d7c4)
Signed-off-by: Michael Roth <michael.roth@amd.com>
hw/rdma/vmw/pvrdma_cmd.c diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git