subject:"\[PATCH\] net\: vmxnet3\: validate configuration values during activate \(CVE\-2021\-20203\)"

Re: [PATCH] net: vmxnet3: validate configuration values during activate (CVE-2021-20203)

2021-10-18 Thread P J P

On Monday, 18 October, 2021, 12:20:55 pm IST, Thomas Huth wrote: On 30/01/2021 14.16, P J P wrote: >> diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c >> index eff299f629..4a910ca971 100644 >> --- a/hw/net/vmxnet3.c >> +++ b/hw/net/vmxnet3.c >> @@ -1420,6 +1420,7 @@ static void

Re: [PATCH] net: vmxnet3: validate configuration values during activate (CVE-2021-20203)

2021-10-18 Thread Thomas Huth

On 30/01/2021 14.16, P J P wrote: From: Prasad J Pandit While activating device in vmxnet3_acticate_device(), it does not validate guest supplied configuration values against predefined minimum - maximum limits. This may lead to integer overflow or OOB access issues. Add checks to avoid it.

[PATCH] net: vmxnet3: validate configuration values during activate (CVE-2021-20203)

2021-01-30 Thread P J P

From: Prasad J Pandit While activating device in vmxnet3_acticate_device(), it does not validate guest supplied configuration values against predefined minimum - maximum limits. This may lead to integer overflow or OOB access issues. Add checks to avoid it. Fixes: CVE-2021-20203 Buglink: