git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Hitendra Prajapati <hprajapati@mvista.com>
	Tue, 3 Sep 2024 08:08:34 +0000 (13:38 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Tue, 3 Sep 2024 15:17:39 +0000 (08:17 -0700)
commit	d84ab04dc66cb83638f96fcd2f4c67e67489c410
tree	c16f7d23c0d7357837f944a474bbc231dbdf957a	tree \| snapshot
parent	6992437d725f9cc88da4261814b69aaadc5ef0f2	commit \| diff

qemu: fix CVE-2024-7409

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack
via improper synchronization during socket closure when a client keeps a socket open as the server
is taken offline.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-7409

Upstream Patches:
https://github.com/qemu/qemu/commit/fb1c2aaa981e0a2fa6362c9985f1296b74f055ac
https://github.com/qemu/qemu/commit/c8a76dbd90c2f48df89b75bef74917f90a59b623
https://gitlab.com/qemu-project/qemu/-/commit/b9b72cb3ce15b693148bd09cef7e50110566d8a0
https://gitlab.com/qemu-project/qemu/-/commit/3e7ef738c8462c45043a1d39f702a0990406a3b3

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/qemu/qemu.inc		diff \| blob \| blame \| history
meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch	[new file with mode: 0644]	blob