OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
4367a20cc4
qemu-e2k/hw
History
Mauro Matteo Cascella 4367a20cc4 scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) 
Set current_req to NULL, not current_req->req, to prevent reusing a free'd
buffer in case of repeated SCSI cancel requests.  Also apply the fix to
CLEAR QUEUE and BUS DEVICE RESET messages as well, since they also cancel
the request.

Thanks to Alexander Bulekov for providing a reproducer.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20220711123316.421279-1-mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
..
9pfs trivial typos: namesapce 2022-06-28 11:06:44 +02:00
acpi trivial typos: namesapce 2022-06-28 11:06:44 +02:00
adc hw/adc/zynq-xadc: Use qemu_irq typedef 2022-05-19 16:19:02 +01:00
alpha
arm hw/arm/virt: dt: add rng-seed property 2022-07-07 11:36:07 +01:00
audio hw/audio/cs4231a: Const'ify global tables 2022-06-11 11:44:50 +02:00
avr
block hw: m25p80: add WP# pin and SRWD bit for write protection 2022-06-30 09:21:13 +02:00
char acpi: serial-is: replace ISADeviceClass::build_aml with AcpiDevAmlIfClass:build_dev_aml 2022-06-09 19:32:48 -04:00
core qdev: unplug blocker for devices 2022-06-15 14:50:41 +01:00
cpu
cris
cxl pci-bridge/cxl_downstream: Add a CXL switch downstream port 2022-06-16 12:54:57 -04:00
display hw/i2c: add asynchronous send 2022-06-30 09:21:14 +02:00
dma ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
gpio hw/gpio: replace HWADDR_PRIx with PRIx64 2022-05-25 10:31:33 +02:00
hppa lasips2: move mapping of LASIPS2 registers to HPPA machine 2022-06-26 18:40:12 +01:00
hyperv hw/hyperv/vmbus: Remove unused vmbus_load/save_req() 2022-05-30 19:49:42 +02:00
i2c hw/i2c/aspeed: Add new-registers DMA slave mode RX support 2022-06-30 09:21:14 +02:00
i386 hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it 2022-06-29 00:24:59 +02:00
ide hw/ide/atapi.c: Correct typos (CD-CDROM -> CD-ROM) 2022-06-28 12:03:25 +02:00
input ps2: remove update_irq() function and update_arg parameter 2022-06-26 18:40:12 +01:00
intc ppc: Define SETFIELD for the ppc target 2022-07-06 10:22:38 -03:00
ipack
ipmi acpi: ipmi: use AcpiDevAmlIf interface to build IPMI device descriptors 2022-06-09 19:32:49 -04:00
isa hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it 2022-06-29 00:24:59 +02:00
loongarch hw/intc/loongarch_ipi: Fix ipi device access of 64bits 2022-07-05 16:25:17 +05:30
m68k m68k: virt: pass RNG seed via bootinfo block 2022-07-06 12:30:41 +02:00
mem
microblaze
mips pckbd: move mapping of I8042_MMIO registers to MIPS magnum machine 2022-06-26 18:40:12 +01:00
misc hw/misc/aspeed: Add PECI controller 2022-06-30 09:21:14 +02:00
net e1000: set RX descriptor status in a separate operation 2022-07-06 11:39:09 +08:00
nios2
nubus
nvme trivial typos: namesapce 2022-06-28 11:06:44 +02:00
nvram hw/i2c: add asynchronous send 2022-06-30 09:21:14 +02:00
openrisc hw/openrisc: use right OMPIC size variable 2022-05-15 10:33:01 +09:00
pci trivial patches pull request 20220629 2022-06-30 04:49:40 +05:30
pci-bridge pci-bridge/cxl_downstream: Add a CXL switch downstream port 2022-06-16 12:54:57 -04:00
pci-host ppc: Define SETFIELD for the ppc target 2022-07-06 10:22:38 -03:00
pcmcia
ppc ppc/spapr: Implement H_WATCHDOG 2022-07-06 10:22:38 -03:00
rdma
remote vfio-user: handle reset of remote device 2022-06-15 16:43:42 +01:00
riscv hw/riscv: boot: Reduce FDT address alignment constraints 2022-07-03 10:03:20 +10:00
rtc hw/rtc/ls7a_rtc: Drop unused inline functions 2022-07-05 16:17:53 +05:30
rx
s390x virtio: stop ioeventfd on reset 2022-06-14 16:50:30 +02:00
scsi scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) 2022-07-13 16:58:57 +02:00
sd hw/sd/allwinner-sdhost: report FIFO water level as 1 when data ready 2022-05-30 12:34:46 +01:00
sensor hw/i2c: add asynchronous send 2022-06-30 09:21:14 +02:00
sh4
smbios
sparc
sparc64 hw: Reuse TYPE_I8042 define 2022-06-11 11:44:50 +02:00
ssi aspeed/smc: Fix potential overflow 2022-06-30 09:21:13 +02:00
timer Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
tpm acpi: tpm-tis: use AcpiDevAmlIfClass:build_dev_aml to provide device's AML 2022-06-09 19:32:49 -04:00
tricore
usb hw: canokey: Remove HS support as not compliant to the spec 2022-07-01 12:39:51 +02:00
vfio ui/console: Do not return a value with ui_info 2022-06-14 10:34:37 +02:00
virtio virtio-iommu: Fix migration regression 2022-06-27 18:53:18 -04:00
watchdog ppc/spapr: Implement H_WATCHDOG 2022-07-06 10:22:38 -03:00
xen xen/pass-through: don't create needless register group 2022-07-05 14:19:48 +01:00
xenpv
xtensa
Kconfig hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00
meson.build hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00