From: Sakib Sajal <[email protected]> Source: http://git.yoctoproject.org/cgit/poky.git MR: 112749 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=f5e77d70e2eb35751f5bad5572b6eb8a3ab14422 ChangeID: 4496341da3af9126c9c67170e1a2cce929c29828 Description:
(From OE-Core rev: 5e05ee8ff363eac84edec568039b86bcd716c6ce) Signed-off-by: Sakib Sajal <[email protected]> Signed-off-by: Anuj Mittal <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit f5e77d70e2eb35751f5bad5572b6eb8a3ab14422) [Refreshed patch] Signed-off-by: Armin Kuster <[email protected]> --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2021-3608.patch | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 6066418a7b..c8c170dda0 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -83,6 +83,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3527-2.patch \ file://CVE-2021-3582.patch \ file://CVE-2021-3607.patch \ + file://CVE-2021-3608.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch new file mode 100644 index 0000000000..7055ec3d23 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch @@ -0,0 +1,40 @@ +From 66ae37d8cc313f89272e711174a846a229bcdbd3 Mon Sep 17 00:00:00 2001 +From: Marcel Apfelbaum <[email protected]> +Date: Wed, 30 Jun 2021 14:52:46 +0300 +Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not unmap uninitialized dma addresses. + +Fixes: CVE-2021-3608 +Reviewed-by: VictorV (Kunlun Lab) <[email protected]> +Tested-by: VictorV (Kunlun Lab) <[email protected]> +Signed-off-by: Marcel Apfelbaum <[email protected]> +Message-Id: <[email protected]> +Tested-by: Yuval Shaia <[email protected]> +Reviewed-by: Yuval Shaia <[email protected]> +Reviewed-by: Philippe Mathieu-Daudé <[email protected]> +Signed-off-by: Marcel Apfelbaum <[email protected]> + +CVE: CVE-2021-3608 +Upstream-Status: Backport [66ae37d8cc313f89272e711174a846a229bcdbd3] +Signed-off-by: Sakib Sajal <[email protected]> +--- + hw/rdma/vmw/pvrdma_dev_ring.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/rdma/vmw/pvrdma_dev_ring.c +=================================================================== +--- qemu-4.2.0.orig/hw/rdma/vmw/pvrdma_dev_ring.c ++++ qemu-4.2.0/hw/rdma/vmw/pvrdma_dev_ring.c +@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, c + atomic_set(&ring->ring_state->cons_head, 0); + */ + ring->npages = npages; +- ring->pages = g_malloc(npages * sizeof(void *)); ++ ring->pages = g_malloc0(npages * sizeof(void *)); + + for (i = 0; i < npages; i++) { + if (!tbl[i]) { -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155262): https://lists.openembedded.org/g/openembedded-core/message/155262 Mute This Topic: https://lists.openembedded.org/mt/85117492/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
