]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a11a200) | patch
hw/nvme: fix oob memory read in fdp events log
authorKlaus Jensen <k.jensen@samsung.com>
Thu, 3 Aug 2023 18:44:23 +0000 (20:44 +0200)
committerMichael Tokarev <mjt@tls.msk.ru>
Sun, 10 Sep 2023 16:39:41 +0000 (19:39 +0300)
commitdd496f92b97a9a2d36f83a91d8adae90ba65465a
tree10357e1e273f335ffd473ec40b07327120759dfctree
parenta11a2007a50d6d2b8e57605fc2ec40b9f962df13commit | diff
hw/nvme: fix oob memory read in fdp events log

As reported by Trend Micro's Zero Day Initiative, an oob memory read
vulnerability exists in nvme_fdp_events(). The host-provided offset is
not verified.

Fix this.

This is only exploitable when Flexible Data Placement mode (fdp=on) is
enabled.

Fixes: CVE-2023-4135
Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation")
Reported-by: Trend Micro's Zero Day Initiative
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit ecb1b7b082d3b7dceff0e486a114502fc52c0fdf)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
hw/nvme/ctrl.c diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git