From: John Snow <jsnow@redhat.com>
To: qemu-stable@nongnu.org
Cc: peter.maydell@linaro.org, Petr Matousek <pmatouse@redhat.com>,
qemu-devel@nongnu.org, mdroth@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
Date: Wed, 13 May 2015 10:35:25 -0400
Message-ID: <5553612D.1080506@redhat.com>
In-Reply-To: <1431527602-29889-2-git-send-email-jsnow@redhat.com>
On 05/13/2015 10:33 AM, John Snow wrote:
> From: Petr Matousek <pmatouse@redhat.com>
>
> During processing of certain commands such as FD_CMD_READ_ID and
> FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get
> out of bounds leading to memory corruption with values coming from
> the guest.
>
> Fix this by making sure that the index is always bounded by the
> allocated memory.
>
> This is CVE-2015-3456.
>
> Signed-off-by: Petr Matousek <pmatouse@redhat.com>
> Reviewed-by: John Snow <jsnow@redhat.com>
> Signed-off-by: John Snow <jsnow@redhat.com>
> ---
[snip]
Already sent the pull request (at 08:00 EDT this morning) for
inclusion in the master branch, but this will serve as the formal
patch discussion / and request for inclusion into any stable branches
still being maintained.
Thanks.
--John Snow
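A minimal C model of the bounds problem the quoted commit message describes, added here as an illustration; it is not code from the patch or from QEMU. The struct, `FIFO_LEN`, the canary field and the modulo wrap are assumptions chosen for the model, and the unbounded case is only counted, never executed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIFO_LEN 512          /* constructed buffer size for this model */

struct toy_fdc {              /* hypothetical device state, not QEMU's */
    uint8_t  fifo[FIFO_LEN];
    uint8_t  canary[16];      /* stands in for memory after the buffer */
    uint32_t data_pos;        /* advanced by every guest-supplied byte */
};

/* Unbounded policy, simulated only: count how many of n consecutive
 * guest writes would index past the end of fifo[]. Nothing is written. */
size_t oob_writes_unchecked(size_t n)
{
    size_t oob = 0;
    for (size_t pos = 0; pos < n; pos++)
        if (pos >= FIFO_LEN)
            oob++;
    return oob;
}

/* Bounded policy (assumed here to be a modulo wrap): the index is reduced
 * into [0, FIFO_LEN) before use, so no data_pos value leaves the buffer. */
void fifo_write_bounded(struct toy_fdc *s, uint8_t value)
{
    uint32_t pos = s->data_pos++ % FIFO_LEN;
    s->fifo[pos] = value;
}

/* Feed n guest bytes through the bounded path; return 1 if the canary
 * next to the buffer is untouched afterwards. */
int bounded_run_keeps_canary(size_t n)
{
    struct toy_fdc s;
    uint8_t expect[sizeof s.canary];

    memset(&s, 0, sizeof s);
    memset(s.canary, 0xA5, sizeof s.canary);
    memset(expect, 0xA5, sizeof expect);
    for (size_t i = 0; i < n; i++)
        fifo_write_bounded(&s, 0xFF);
    return memcmp(s.canary, expect, sizeof expect) == 0;
}

int main(void)
{
    printf("unchecked: %zu of 600 writes out of bounds\n", oob_writes_unchecked(600));
    printf("bounded:   canary intact = %d\n", bounded_run_keeps_canary(600));
    return 0;
}
```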