qemu-patch-raspberry4/hw/i386
Prasad J Pandit ed4f86e8b6 multiboot: validate multiboot header address values
While loading kernel via multiboot-v1 image, (flags & 0x00010000)
indicates that multiboot header contains valid addresses to load
the kernel image. These addresses are used to compute kernel
size and kernel text offset in the OS image. Validate these
address values to avoid an OOB access issue.

This is CVE-2017-14167.

Reported-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170907063256.7418-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-09-19 14:09:33 +02:00
kvm Convert error_report() to warn_report() 2017-07-13 13:49:58 +02:00
xen trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
acpi-build.c hw/acpi: Move acpi_set_pci_info to pcihp 2017-09-08 16:15:17 +03:00
acpi-build.h Use scripts/clean-includes to drop redundant qemu/typedefs.h 2016-03-22 22:20:16 +01:00
amd_iommu.c memory/iommu: introduce IOMMUMemoryRegionClass 2017-07-14 12:04:41 +02:00
amd_iommu.h memory/iommu: introduce IOMMUMemoryRegionClass 2017-07-14 12:04:41 +02:00
intel_iommu.c intel_iommu: fix missing BQL in pt fast path 2017-09-08 16:15:17 +03:00
intel_iommu_internal.h intel_iommu: fix iova for pt 2017-08-02 00:13:25 +03:00
kvmvapic.c mttcg/i386: Patch instruction using async_safe_* framework 2017-07-14 12:04:35 +02:00
Makefile.objs hw/i386: Introduce AMD IOMMU 2016-09-24 01:02:00 +03:00
multiboot.c multiboot: validate multiboot header address values 2017-09-19 14:09:33 +02:00
multiboot.h refer to FWCfgState explicitly 2013-06-02 18:14:02 +03:00
pc.c hw/ppc/spapr: Fix segfault when instantiating a 'pc-dimm' without 'memdev' 2017-08-22 21:26:46 +10:00
pc_piix.c pc: add 2.11 machine types 2017-09-08 16:15:17 +03:00
pc_q35.c pc: add 2.11 machine types 2017-09-08 16:15:17 +03:00
pc_sysfw.c hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
pci-assign-load-rom.c memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate() 2017-07-14 17:59:42 +01:00
trace-events docs: fix broken paths to docs/devel/tracing.txt 2017-07-31 13:12:53 +03:00
x86-iommu.c intel_iommu: support passthrough (PT) 2017-05-25 21:25:27 +03:00