[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [PATCH 11/23] stellaris_enet: avoid buffer overrun on
|
From: |
Peter Maydell |
|
Subject: |
Re: [Qemu-stable] [PATCH 11/23] stellaris_enet: avoid buffer overrun on incoming migration (part 2) |
|
Date: |
Tue, 3 Dec 2013 18:36:19 +0000 |
On 3 December 2013 16:28, Michael S. Tsirkin <address@hidden> wrote:
> From: Michael Roth <address@hidden>
>
> CVE-2013-4532
>
> s->tx_fifo_len is read from the wire and later used as an index into
> s->tx_fifo[] when a DATA command is issued by the guest. If
> s->tx_fifo_len is greater than the length of s->tx_fifo[], or less
> than 0, the buffer can be overrun/underrun by arbitrary data written out
> by the guest upon resuming it's execution.
"its".
thanks
-- PMM
- Re: [Qemu-stable] [Qemu-devel] [PATCH 15/23] pxa2xx: avoid buffer overrun on incoming migration, (continued)
- [Qemu-stable] [PATCH 17/23] ssi-sd: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 18/23] ssd0323: fix buffer overun on invalid state load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 20/23] zaurus: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 19/23] tsc210x: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 11/23] stellaris_enet: avoid buffer overrun on incoming migration (part 2), Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 21/23] usb: sanity check setup_index+setup_len in post_load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 22/23] virtio-scsi: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 23/23] savevm: fix potential segfault on invalid state, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 04/23] virtio: out-of-bounds buffer write on invalid state load, Michael S. Tsirkin, 2013/12/03
- Re: [Qemu-stable] [Qemu-devel] [PATCH 00/23] qemu state loading issues, Peter Maydell, 2013/12/03