]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: edbc173) | patch
qemu: Backport fix for CVE-2023-0330
authorVijay Anusuri <vanusuri@mvista.com>
Mon, 11 Sep 2023 06:39:27 +0000 (12:09 +0530)
committerSteve Sakoman <steve@sakoman.com>
Mon, 11 Sep 2023 14:37:36 +0000 (04:37 -1000)
commit45ce9885351a2344737170e6e810dc67ab3e7ea9
tree51e3cca7fa859093ceb8d31eb4f454c3541f2d05tree | snapshot
parentedbc17315927a711aa9fae7c6cfba61cbf8ab5adcommit | diff
qemu: Backport fix for CVE-2023-0330

A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.

Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com

Reference:
https://gitlab.com/qemu-project/qemu/-/issues/556

qemu.git$ git log --no-merges --oneline   --grep CVE-2023-0330
b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
a2e1753b80 memory: prevent dma-reentracy issues

Included second commit as well as commit log of a2e1753b80 says it
resolves CVE-2023-0330

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/qemu/qemu.inc diff | blob | blame | history
meta/recipes-devtools/qemu/qemu/CVE-2023-0330_1.patch [moved from meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch with 100% similarity] blob | blame | history
meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core