From: "Steve Sakoman" <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 21/36] qemu: fix CVE-2021-3608
Date: Sat, 28 Aug 2021 08:11:09 -1000 [thread overview]
Message-ID: <f8d34ef74dafcf14e07f9322254465d03490bd60.1630174149.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1630174149.git.steve@sakoman.com>
From: Sakib Sajal <sakib.sajal@windriver.com>
Source: http://git.yoctoproject.org/cgit/poky.git
MR: 112749
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=f5e77d70e2eb35751f5bad5572b6eb8a3ab14422
ChangeID: 4496341da3af9126c9c67170e1a2cce929c29828
Description:
(From OE-Core rev: 5e05ee8ff363eac84edec568039b86bcd716c6ce)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5e77d70e2eb35751f5bad5572b6eb8a3ab14422)
[Refreshed patch]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2021-3608.patch | 40 +++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 6066418a7b..c8c170dda0 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -83,6 +83,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2021-3527-2.patch \
file://CVE-2021-3582.patch \
file://CVE-2021-3607.patch \
+ file://CVE-2021-3608.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
new file mode 100644
index 0000000000..7055ec3d23
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
@@ -0,0 +1,40 @@
+From 66ae37d8cc313f89272e711174a846a229bcdbd3 Mon Sep 17 00:00:00 2001
+From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+Date: Wed, 30 Jun 2021 14:52:46 +0300
+Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do not unmap uninitialized dma addresses.
+
+Fixes: CVE-2021-3608
+Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
+Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
+Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+
+CVE: CVE-2021-3608
+Upstream-Status: Backport [66ae37d8cc313f89272e711174a846a229bcdbd3]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/rdma/vmw/pvrdma_dev_ring.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: qemu-4.2.0/hw/rdma/vmw/pvrdma_dev_ring.c
+===================================================================
+--- qemu-4.2.0.orig/hw/rdma/vmw/pvrdma_dev_ring.c
++++ qemu-4.2.0/hw/rdma/vmw/pvrdma_dev_ring.c
+@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, c
+ atomic_set(&ring->ring_state->cons_head, 0);
+ */
+ ring->npages = npages;
+- ring->pages = g_malloc(npages * sizeof(void *));
++ ring->pages = g_malloc0(npages * sizeof(void *));
+
+ for (i = 0; i < npages; i++) {
+ if (!tbl[i]) {
--
2.25.1
next prev parent reply other threads:[~2021-08-28 18:13 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-28 18:10 [OE-core][dunfell 00/36] Patch review Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 01/36] glibc: Security fix CVE-2021-33574 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 02/36] glibc: Security fix for CVE-2021-38604 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 03/36] gnupg: upgrade 2.2.20 -> 2.2.21 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 04/36] gnupg: update 2.2.21 -> 2.2.22 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 05/36] gnupg: uprev 2.2.22 -> 2.2.23 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 06/36] gnupg: update 2.2.23 -> 2.2.26 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 07/36] gnupg: upgrade 2.2.26 -> 2.2.27 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 08/36] qemu: Security fix CVE-2020-25085 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 09/36] qemu: Security fix CVE-2020-25624 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 10/36] Qemu: Security fix for CVE-2020-25625/2021-3409/2020-17380 Steve Sakoman
2021-08-28 18:10 ` [OE-core][dunfell 11/36] qemu: Security fix for CVE-2020-29443 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 12/36] qemu: Security fix CVE-2021-20221 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 13/36] qemu: fix CVE-2021-20181 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 14/36] qemu: fix CVE-2021-3416 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 15/36] qemu: fix CVE-2021-20257 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 16/36] qemu: Security fix CVE-2021-3544 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 17/36] qemu: Security fixes CVE-2021-3545/6 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 18/36] qemu: fix CVE-2021-3527 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 19/36] qemu: fix CVE-2021-3582 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 20/36] qemu: fix CVE-2021-3607 Steve Sakoman
2021-08-28 18:11 ` Steve Sakoman [this message]
2021-08-28 18:11 ` [OE-core][dunfell 22/36] rpm: Add fix for CVE-2021-20266 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 23/36] binutils: Security fix for CVE-2021-3549 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 24/36] binutils: Security fix for CVE-2020-16593 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 25/36] openssl: update from 1.1.1k to 1.1.1l Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 26/36] Use the label provided when formating a dos partition Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 27/36] lzo: add CVE_PRODUCT Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 28/36] utils: Reduce the number of calls to the "dirname" command Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 29/36] tcf-agent: fetching over git:// no longer works Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 30/36] mklibs-native: drop deprecated cpp17 exceptions Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 31/36] image_types: Restore pre-btrfs-tools 4.14.1 mkfs.btrfs shrink behavior Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 32/36] linux-yocto/5.4: update to v5.4.142 Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 33/36] qemurunner.py: print output from runqemu/qemu-system in stop() Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 34/36] qemurunner.py: handle getOutput() having nothing to read Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 35/36] parselogs.py: ignore intermittent CD/DVDROM identification failure Steve Sakoman
2021-08-28 18:11 ` [OE-core][dunfell 36/36] selftest: disable virgl headless test Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f8d34ef74dafcf14e07f9322254465d03490bd60.1630174149.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox