This reverts commit 5e8e08df8b5d0040ad911d3c51f63e7fec1858b4. This is an incomplete fix.
Signed-off-by: Anuj Mittal <anuj.mit...@intel.com> --- meta/recipes-devtools/qemu/qemu.inc | 1 - .../qemu/qemu/CVE-2021-3392.patch | 45 ------------------- 2 files changed, 46 deletions(-) delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 486f404668..810d8b7c8a 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -54,7 +54,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3416_9.patch \ file://CVE-2021-3416_10.patch \ file://CVE-2021-20257.patch \ - file://CVE-2021-3392.patch \ file://CVE-2020-27821.patch \ file://CVE-2021-20263.patch \ " diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch deleted file mode 100644 index 1c688827db..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 3431b01b43584de5f710c40605fe3251f81c0e11 Mon Sep 17 00:00:00 2001 -From: Minjae Kim <flower...@gmail.com> -Date: Tue, 27 Apr 2021 02:09:49 +0000 -Subject: [PATCH] scsi: mptsas: dequeue request object in case of an error - (CVE-2021-3392) - -From: Prasad J Pandit <p...@fedoraproject.org> - -While processing SCSI i/o requests in mptsas_process_scsi_io_request(), -the Megaraid emulator appends new MPTSASRequest object 'req' to -the 's->pending' queue. In case of an error, this same object gets -dequeued in mptsas_free_request() only if SCSIRequest object -'req->sreq' is initialised. This may lead to a use-after-free issue. -Unconditionally dequeue 'req' object from 's->pending' to avoid it. - -Fixes: CVE-2021-3392 -Buglink: https://bugs.launchpad.net/qemu/+bug/1914236 -Reported-by: Cheolwoo Myung <cwmy...@snu.ac.kr> -Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> - -Upstream-Status: Acepted -[https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html] -CVE: CVE-2021-3392 -Signed-off-by: Minjae Kim <flower...@gmail.com> ---- - hw/scsi/mptsas.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c -index f86616544..adff5b0bf 100644 ---- a/hw/scsi/mptsas.c -+++ b/hw/scsi/mptsas.c -@@ -257,8 +257,8 @@ static void mptsas_free_request(MPTSASRequest *req) - req->sreq->hba_private = NULL; - scsi_req_unref(req->sreq); - req->sreq = NULL; -- QTAILQ_REMOVE(&s->pending, req, next); - } -+ QTAILQ_REMOVE(&s->pending, req, next); - qemu_sglist_destroy(&req->qsg); - g_free(req); - } --- -2.17.1 - -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#151257): https://lists.openembedded.org/g/openembedded-core/message/151257 Mute This Topic: https://lists.openembedded.org/mt/82596026/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
