On 1/18/21 7:32 AM, P J P wrote:
> From: Prasad J Pandit <p...@fedoraproject.org>
>
> While processing ATAPI cmd_read/cmd_read_cd commands,
> Logical Block Address (LBA) may be invalid OR closer to the last block,
> leading to OOB access issues. Add range check to avoid it.
>
> Fixes: CVE-2020-29443
> Reported-by: Wenxiang Qian <leonwxq...@gmail.com>
> Fix-suggested-by: Paolo Bonzini <pbonz...@redhat.com>

"Suggested-by"

> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
> ---
>  hw/ide/atapi.c | 30 ++++++++++++++++++++++++------
>  1 file changed, 24 insertions(+), 6 deletions(-)