[thud][PATCH] qemu: Security fix for CVE-2019-12155

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [thud][PATCH] qemu: Security fix for CVE-2019-12155
@ 2019-06-07  0:25 Armin Kuster
  2019-06-08  4:10 ` ✗ patchtest: failure for " Patchwork
  0 siblings, 1 reply; 2+ messages in thread
From: Armin Kuster @ 2019-06-07  0:25 UTC (permalink / raw)
  To: openembedded-core; +Cc: Armin Kuster

From: Armin Kuster <akuster@mvista.com>

Source: qemu.org
MR: 98382
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3
Description:

Fixes CVE-2019-12155
Affects: <= 4.0.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 .../qemu/qemu/CVE-2019-12155.patch                 | 38 ++++++++++++++++++++++
 meta/recipes-devtools/qemu/qemu_3.0.0.bb           |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch
new file mode 100644
index 0000000..8a5ece5
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch
@@ -0,0 +1,38 @@
+From d52680fc932efb8a2f334cc6993e705ed1e31e99 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Apr 2019 12:05:34 +0530
+Subject: [PATCH] qxl: check release info object
+
+When releasing spice resources in release_resource() routine,
+if release info object 'ext.info' is null, it leads to null
+pointer dereference. Add check to avoid it.
+
+Reported-by: Bugs SysSec <bugs-syssec@rub.de>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20190425063534.32747-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Upstream-Status: Backport
+https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
+
+CVE: CVE-2019-12155
+Affects: <= 4.0.0
+Signed-off-by: Armin Kuster <akuster@mvistra.com>
+---
+ hw/display/qxl.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: qemu-3.0.0/hw/display/qxl.c
+===================================================================
+--- qemu-3.0.0.orig/hw/display/qxl.c
++++ qemu-3.0.0/hw/display/qxl.c
+@@ -764,6 +764,9 @@ static void interface_release_resource(Q
+     QXLReleaseRing *ring;
+     uint64_t *item, id;
+ 
++    if (!ext.info) {
++        return;
++    }
+     if (ext.group_id == MEMSLOT_GROUP_HOST) {
+         /* host group -> vga mode update request */
+         QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
diff --git a/meta/recipes-devtools/qemu/qemu_3.0.0.bb b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
index 992cf7b..63a6468 100644
--- a/meta/recipes-devtools/qemu/qemu_3.0.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://CVE-2018-19364_p1.patch \
            file://CVE-2018-19364_p2.patch \
            file://CVE-2018-19489.patch \
+           file://CVE-2019-12155.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
-- 
2.7.4



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* ✗ patchtest: failure for qemu: Security fix for CVE-2019-12155
  2019-06-07  0:25 [thud][PATCH] qemu: Security fix for CVE-2019-12155 Armin Kuster
@ 2019-06-08  4:10 ` Patchwork
  0 siblings, 0 replies; 2+ messages in thread
From: Patchwork @ 2019-06-08  4:10 UTC (permalink / raw)
  To: Armin Kuster; +Cc: openembedded-core

== Series Details ==

Series: qemu: Security fix for CVE-2019-12155
Revision: 1
URL   : https://patchwork.openembedded.org/series/18033/
State : failure

== Summary ==

Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:

* Issue             Series does not apply on top of target branch [test_series_merge_on_head] 
  Suggested fix    Rebase your series on top of targeted branch
  Targeted branch  thud (currently at f162d5bfe6)

If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-06-08  4:10 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-06-07  0:25 [thud][PATCH] qemu: Security fix for CVE-2019-12155 Armin Kuster
2019-06-08  4:10 ` ✗ patchtest: failure for " Patchwork

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox