[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/4] hw/sd: sdhci: Fixes to CVE-2020-17380, CVE-2020-25085, CVE-2
|
From: |
Bin Meng |
|
Subject: |
[PATCH 0/4] hw/sd: sdhci: Fixes to CVE-2020-17380, CVE-2020-25085, CVE-2021-3409 |
|
Date: |
Mon, 15 Feb 2021 23:11:07 +0800 |
From: Bin Meng <bin.meng@windriver.com>
This series includes several fixes to CVE-2020-17380, CVE-2020-25085
and CVE-2021-3409 that are heap-based buffer overflow issues existing
in the sdhci model.
These CVEs are pretty much similar, and were filed using different
reproducers. With this series, current known reproducers I have
cannot be reproduced any more.
The implementation of this model may still have some issues, i.e.:
some codes do not strictly match the spec, but since this series
only aimes to address CVEs, such issue should be fixed in a separate
series in the future, if I have time :)
Bin Meng (4):
hw/sd: sdhci: Don't transfer any data when command time out
hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in
progress
hw/sd: sdhci: Correctly set the controller status for ADMA
hw/sd: sdhci: Simplify updating s->prnsts in
sdhci_sdma_transfer_multi_blocks()
hw/sd/sdhci.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
--
2.7.4
- [PATCH 0/4] hw/sd: sdhci: Fixes to CVE-2020-17380, CVE-2020-25085, CVE-2021-3409,
Bin Meng <=
- [PATCH 1/4] hw/sd: sdhci: Don't transfer any data when command time out, Bin Meng, 2021/02/15
- [PATCH 2/4] hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in progress, Bin Meng, 2021/02/15
- [PATCH 3/4] hw/sd: sdhci: Correctly set the controller status for ADMA, Bin Meng, 2021/02/15
- [PATCH 4/4] hw/sd: sdhci: Simplify updating s->prnsts in sdhci_sdma_transfer_multi_blocks(), Bin Meng, 2021/02/15
- Re: [PATCH 0/4] hw/sd: sdhci: Fixes to CVE-2020-17380, CVE-2020-25085, CVE-2021-3409, Alexander Bulekov, 2021/02/15