On 18/7/23 17:35, Polampalli, Archana via lists.openembedded.org wrote:
A vulnerability in the lsi53c895a device affects the latest version
of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption
bugs like stack overflow or use-after-free.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-0330
Upstream patches:
https://gitlab.com/qemu-project/qemu/-/commit/b987718bbb1d0eabf95499b976212dd5f0120d75
Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-0330.patch | 75 +++++++++++++++++++
2 files changed, 76 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184623):
https://lists.openembedded.org/g/openembedded-core/message/184623
Mute This Topic: https://lists.openembedded.org/mt/100217890/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
