qemu-e2k/arm at 8d1dc5d188b84a2b2aeb9bd39fddb3d2c67be60c - qemu-e2k - Expired Mentality Git

OpenE2K/qemu-e2k

History

Michael S. Tsirkin caa881abe0 pxa2xx: avoid buffer overrun on incoming migration

CVE-2013-4533

s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.

Fix this by validating rx_level against the size of s->rx_fifo.

Cc: Don Koch <dkoch@verizon.com>
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

2014-05-05 22:15:02 +02:00

..

allwinner-a10.c

hw/arm/allwinner-a10: initialize EMAC

2014-02-08 14:50:48 +00:00

armv7m.c

armv7m: Don't enforce use of kernel for qtest

2013-11-05 17:47:29 +01:00

boot.c

target-arm: Load ELF images with the correct machine type for CPU

2014-03-24 16:41:10 +00:00

collie.c

hw: Clean up bogus default boot order

2013-08-28 10:16:47 +03:00

cubieboard.c

allwinner-a10-pit: implement prescaler and source selection

2014-04-17 21:34:06 +01:00

digic_boards.c

hw/arm/digic: add NOR ROM support

2013-12-17 20:12:51 +00:00

digic.c

hw/arm/digic: add UART support

2013-12-17 20:12:51 +00:00

exynos4_boards.c

exynos4_boards: Silence lack of -smp 2 warning for qtest

2013-11-05 17:47:29 +01:00

exynos4210.c

exynos4210: Set reset-cbar property of Cortex-A9 CPUs

2014-03-17 16:31:46 +00:00

gumstix.c

gumstix: Don't enforce use of -pflash for qtest

2013-11-05 17:47:28 +01:00

highbank.c

hw/arm/vexpress, hw/arm/highbank: Don't insist that CPU has reset-cbar property

2014-04-04 18:01:09 +01:00

integratorcp.c

hw/arm: Stop specifying integratorcp as the default board

2014-03-27 14:00:53 +00:00

kzm.c

hw: Clean up bogus default boot order

2013-08-28 10:16:47 +03:00

mainstone.c

mainstone: Fix duplicate array values for key 'space'

2014-01-01 18:03:55 +04:00

Makefile.objs

hw/arm: add cubieboard support

2013-12-17 20:12:51 +00:00

musicpal.c

hw/arm/musicpal: Avoid shifting left into sign bit

2014-03-10 14:56:30 +00:00

nseries.c

i2c: Rename i2c_bus to I2CBus

2014-02-14 16:22:31 +01:00

omap1.c

hw/arm/omap1.c: Avoid shifting left into sign bit

2014-03-10 14:56:29 +00:00

omap2.c

hw/arm/omap*: Don't use arm_pic_init_cpu()

2013-08-20 14:54:29 +01:00

omap_sx1.c

omap_sx1: Don't enforce use of kernel or flash for qtest

2013-11-05 17:47:29 +01:00

palm.c

palm: Don't enforce loading ROM or kernel for qtest

2013-11-05 17:47:29 +01:00

pxa2xx_gpio.c

pxa2xx: Don't shift into sign bit

2014-03-10 14:56:29 +00:00

pxa2xx_pic.c

pxa2xx: Don't shift into sign bit

2014-03-10 14:56:29 +00:00

pxa2xx.c

pxa2xx: avoid buffer overrun on incoming migration

2014-05-05 22:15:02 +02:00

realview.c

realview-pbx-a9: Set reset-cbar property for CPUs

2014-03-17 16:31:45 +00:00

spitz.c

ssi: Convert legacy SSI_SLAVE -> DEVICE casts

2014-03-12 20:13:02 +01:00

stellaris.c

i2c: Rename i2c_bus to I2CBus

2014-02-14 16:22:31 +01:00

strongarm.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

strongarm.h

…

tosa.c

tosa: QOM'ify DAC

2014-02-14 16:22:32 +01:00

versatilepb.c

i2c: Rename i2c_bus to I2CBus

2014-02-14 16:22:31 +01:00

vexpress.c

hw/arm/vexpress, hw/arm/highbank: Don't insist that CPU has reset-cbar property

2014-04-04 18:01:09 +01:00

virt.c

hw/arm/virt: Add support for Cortex-A57

2014-05-01 15:25:52 +01:00

xilinx_zynq.c

ZYNQ: Implement board MIDR control for Zynq

2014-01-31 14:47:33 +00:00

z2.c

z2: QOM'ify AER915

2014-02-14 16:22:32 +01:00