haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/hw/arm
History
Michael S. Tsirkin caa881abe0 pxa2xx: avoid buffer overrun on incoming migration 
CVE-2013-4533

s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.

Fix this by validating rx_level against the size of s->rx_fifo.

Cc: Don Koch <dkoch@verizon.com>
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
..
allwinner-a10.c hw/arm/allwinner-a10: initialize EMAC 2014-02-08 14:50:48 +00:00
armv7m.c armv7m: Don't enforce use of kernel for qtest 2013-11-05 17:47:29 +01:00
boot.c target-arm: Load ELF images with the correct machine type for CPU 2014-03-24 16:41:10 +00:00
collie.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
cubieboard.c allwinner-a10-pit: implement prescaler and source selection 2014-04-17 21:34:06 +01:00
digic.c hw/arm/digic: add UART support 2013-12-17 20:12:51 +00:00
digic_boards.c hw/arm/digic: add NOR ROM support 2013-12-17 20:12:51 +00:00
exynos4_boards.c exynos4_boards: Silence lack of -smp 2 warning for qtest 2013-11-05 17:47:29 +01:00
exynos4210.c exynos4210: Set reset-cbar property of Cortex-A9 CPUs 2014-03-17 16:31:46 +00:00
gumstix.c gumstix: Don't enforce use of -pflash for qtest 2013-11-05 17:47:28 +01:00
highbank.c hw/arm/vexpress, hw/arm/highbank: Don't insist that CPU has reset-cbar property 2014-04-04 18:01:09 +01:00
integratorcp.c hw/arm: Stop specifying integratorcp as the default board 2014-03-27 14:00:53 +00:00
kzm.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
mainstone.c mainstone: Fix duplicate array values for key 'space' 2014-01-01 18:03:55 +04:00
Makefile.objs hw/arm: add cubieboard support 2013-12-17 20:12:51 +00:00
musicpal.c hw/arm/musicpal: Avoid shifting left into sign bit 2014-03-10 14:56:30 +00:00
nseries.c i2c: Rename i2c_bus to I2CBus 2014-02-14 16:22:31 +01:00
omap1.c hw/arm/omap1.c: Avoid shifting left into sign bit 2014-03-10 14:56:29 +00:00
omap2.c hw/arm/omap*: Don't use arm_pic_init_cpu() 2013-08-20 14:54:29 +01:00
omap_sx1.c omap_sx1: Don't enforce use of kernel or flash for qtest 2013-11-05 17:47:29 +01:00
palm.c palm: Don't enforce loading ROM or kernel for qtest 2013-11-05 17:47:29 +01:00
pxa2xx.c pxa2xx: avoid buffer overrun on incoming migration 2014-05-05 22:15:02 +02:00
pxa2xx_gpio.c pxa2xx: Don't shift into sign bit 2014-03-10 14:56:29 +00:00
pxa2xx_pic.c pxa2xx: Don't shift into sign bit 2014-03-10 14:56:29 +00:00
realview.c realview-pbx-a9: Set reset-cbar property for CPUs 2014-03-17 16:31:45 +00:00
spitz.c ssi: Convert legacy SSI_SLAVE -> DEVICE casts 2014-03-12 20:13:02 +01:00
stellaris.c i2c: Rename i2c_bus to I2CBus 2014-02-14 16:22:31 +01:00
strongarm.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
strongarm.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
tosa.c tosa: QOM'ify DAC 2014-02-14 16:22:32 +01:00
versatilepb.c i2c: Rename i2c_bus to I2CBus 2014-02-14 16:22:31 +01:00
vexpress.c hw/arm/vexpress, hw/arm/highbank: Don't insist that CPU has reset-cbar property 2014-04-04 18:01:09 +01:00
virt.c hw/arm/virt: Add support for Cortex-A57 2014-05-01 15:25:52 +01:00
xilinx_zynq.c ZYNQ: Implement board MIDR control for Zynq 2014-01-31 14:47:33 +00:00
z2.c z2: QOM'ify AER915 2014-02-14 16:22:32 +01:00