Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incom

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incom

From:	Peter Maydell
Subject:	Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration
Date:	Mon, 31 Mar 2014 16:29:43 +0100

On 31 March 2014 15:17, Michael S. Tsirkin <address@hidden> wrote:
> CVE-2013-4533
>
> s->rx_level is read from the wire and used to determine how many bytes
> to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
> length of s->rx_fifo[] the buffer can be overrun with arbitrary data
> from the wire.
>
> Fix this by validating rx_level against the size of s->rx_fifo.
>
> Cc: Don Koch <address@hidden>
> Reported-by: Michael Roth <address@hidden>
> Signed-off-by: Michael S. Tsirkin <address@hidden>

Reviewed-by: Peter Maydell <address@hidden>

thanks
-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-stable] [PATCH v4 13/30] stellaris_enet: avoid buffer overrun on incoming migration, (continued)
- [Qemu-stable] [PATCH v4 14/30] stellaris_enet: avoid buffer overrun on incoming migration (part 2), Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 15/30] stellaris_enet: avoid buffer orerrun on incoming migration (part 3), Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 16/30] virtio: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [Qemu-devel] [PATCH v4 16/30] virtio: avoid buffer overrun on incoming migration, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 17/30] openpic: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [Qemu-devel] [PATCH v4 17/30] openpic: avoid buffer overrun on incoming migration, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration, Peter Maydell <=
  - Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration, Don Koch, 2014/03/31
- [Qemu-stable] [PATCH v4 18/30] virtio: validate num_sg when mapping, Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 20/30] ssi-sd: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [Qemu-devel] [PATCH v4 20/30] ssi-sd: fix buffer overrun on invalid state load, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 21/30] ssd0323: fix buffer overun on invalid state load, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [Qemu-devel] [PATCH v4 21/30] ssd0323: fix buffer overun on invalid state load, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 22/30] tsc210x: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/03/31
  - Re: [Qemu-stable] [PATCH v4 22/30] tsc210x: fix buffer overrun on invalid state load, Peter Maydell, 2014/03/31
- [Qemu-stable] [PATCH v4 23/30] zaurus: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/03/31
- [Qemu-stable] [PATCH v4 25/30] virtio-scsi: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/03/31

Prev by Date: Re: [Qemu-stable] [PATCH v4 01/30] vmstate: reduce code duplication
Next by Date: Re: [Qemu-stable] [Qemu-devel] [PATCH v4 08/30] ahci: fix buffer overrun on invalid state load
Previous by thread: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration
Next by thread: Re: [Qemu-stable] [PATCH v4 19/30] pxa2xx: avoid buffer overrun on incoming migration
Index(es):
- Date
- Thread