OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
qemu-e2k/hw
History
Prasad J Pandit b8d7f1bc59 ide: atapi: check logical block address and read size (CVE-2020-29443) 
While processing ATAPI cmd_read/cmd_read_cd commands,
Logical Block Address (LBA) maybe invalid OR closer to the last block,
leading to an OOB access issues. Add range check to avoid it.

Fixes: CVE-2020-29443
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20210118115130.457044-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 		2021-01-23 09:26:40 -05:00
..
9pfs 9pfs: Fully restart unreclaim loop (CVE-2021-20181) 2021-01-15 08:44:28 +01:00
acpi acpi: Add addr offset in build_crs 2021-01-17 06:42:54 -05:00
adc hw/adc: Add an ADC module for NPCM7XX 2021-01-12 21:19:02 +00:00
alpha vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
arm hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
audio audio/via-ac97: Simplify code and set user_creatable to false 2021-01-04 23:24:44 +01:00
avr vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
block nbd patches for 2021-01-20 2021-01-21 10:44:28 +00:00
char Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
core clock: Define and use new clock_display_freq() 2021-01-04 23:24:44 +01:00
cpu cpu/core: Register core-id and nr-threads as class properties 2020-09-22 16:48:29 -04:00
cris cris: do not use ram_size global 2020-12-10 12:15:07 -05:00
display migration: Replace migration's JSON writer by the general one 2020-12-19 10:39:16 +01:00
dma hw/dma/xilinx_axidma: Rename StreamSlave as StreamSink 2020-12-10 12:15:04 -05:00
gpio nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
hppa hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
hyperv qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
i2c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
i386 acpi: Add addr offset in build_crs 2021-01-17 06:42:54 -05:00
ide ide: atapi: check logical block address and read size (CVE-2020-29443) 2021-01-23 09:26:40 -05:00
input Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
intc hw/intc/ppc-uic: Make default dcr-base 0xc0, not 0x30 2021-01-19 10:20:29 +11:00
ipack Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ipmi Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
isa vt82c686: Rename superio config related parts 2021-01-04 23:24:44 +01:00
lm32 vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
m68k hw/m68k/next-cube: Add vmstate for NeXTPC device 2021-01-19 09:11:52 +01:00
mem hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
microblaze vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
mips docs/system: Remove deprecated 'fulong2e' machine alias 2021-01-14 17:13:54 +01:00
misc Trivial patches 20210118 2021-01-18 15:19:06 +00:00
moxie moxie: do not use ram_size global 2020-12-10 12:15:08 -05:00
net hw/net/lan9118: Add symbolic constants for register offsets 2021-01-12 21:19:02 +00:00
nios2 * New -action option and set-action QMP command (Alejandro) 2020-12-15 21:24:31 +00:00
nubus meson: convert hw/nubus 2020-08-21 06:30:25 -04:00
nvram hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
openrisc target/openrisc: Move pic_cpu code into CPU object proper 2020-12-15 12:04:30 +00:00
pci pci/shpc: don't push attention button when ejecting powered-off device 2021-01-13 09:06:37 -05:00
pci-bridge Kconfig: Compile PXB for ARM_VIRT 2021-01-17 06:42:54 -05:00
pci-host acpi/gpex: Exclude pxb's resources from PCI0 2021-01-17 06:42:54 -05:00
pcmcia pxa2xx: Move QOM macros to header 2020-08-27 14:04:55 -04:00
ppc spapr_cpu_core.c: use g_auto* in spapr_create_vcpu() 2021-01-19 10:20:29 +11:00
rdma Machine queue, 2020-12-23 2021-01-01 22:57:15 +00:00
riscv riscv: Pass RISCVHartArrayState by pointer 2021-01-16 14:34:46 -08:00
rtc pl031: Use timer_free() in the finalize function to avoid memleaks 2021-01-18 11:51:26 +01:00
rx rx: move BIOS load from MCU to board 2020-12-10 12:15:06 -05:00
s390x Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
scsi block: Honor blk_set_aio_context() context requirements 2021-01-20 14:48:08 -06:00
sd Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
semihosting semihosting: Implement SYS_ISERROR 2021-01-18 10:05:06 +00:00
sh4 hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
smbios i386: do not use ram_size global 2020-12-10 12:15:08 -05:00
sparc sun4m: don't connect two qemu_irqs directly to the same input 2021-01-06 11:41:37 +00:00
sparc64 vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
ssi hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
timer hw/timer: Refactor NPCM7XX Timer to use CLK clock 2021-01-12 21:19:02 +00:00
tpm qdev: Move qdev_prop_tpm declaration to tpm_prop.h 2020-12-18 15:20:17 -05:00
tricore tricore tcg cpus: Fix Lesser GPL version number 2020-11-15 16:40:30 +01:00
unicore32 meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
usb Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
vfio Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
virtio hw/virtio-pci: Replace error_report() by qemu_log_mask(GUEST_ERROR) 2021-01-18 11:51:26 +01:00
watchdog Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
xen qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
xenpv meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
xtensa vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
Kconfig hw/net/can: Introduce Xilinx ZynqMP CAN controller 2020-12-10 11:30:44 +00:00
meson.build meson: convert hw/arch* 2020-08-21 06:30:33 -04:00