OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
8eb5c8069a
qemu-e2k/hw
History
Klaus Jensen 8eb5c8069a hw/block/nvme: fix ns attachment out-of-bounds read 
nvme_ns_attachment() does not verify the contents of the host-supplied
16 bit "Number of Identifiers" field in the command payload.

Make sure the value is capped at 2047 and fix the out-of-bounds read.

Fixes: 645ce1a70c ("hw/block/nvme: support namespace attachment command")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
2021-04-07 10:48:32 +02:00
..
9pfs
acpi acpi/piix4: reinitialize acpi PM device on reset 2021-04-01 12:19:52 -04:00
adc
alpha
arm target-arm queue: 2021-04-06 16:04:33 +01:00
audio hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
avr
block hw/block/nvme: fix ns attachment out-of-bounds read 2021-04-07 10:48:32 +02:00
char target-arm queue: 2021-03-23 21:15:17 +00:00
core target-arm queue: 2021-04-06 16:04:33 +01:00
cpu
cris hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
display hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize() 2021-03-30 14:05:33 +01:00
dma
gpio
hppa
hyperv
i2c
i386 acpi: Move setters/getters of oem fields to X86MachineState 2021-03-22 18:58:19 -04:00
ide hw/ide: remove 'ide-drive' device 2021-03-18 09:22:55 +00:00
input
intc * fixes for i386 TCG paging 2021-03-19 18:01:17 +00:00
ipack
ipmi
isa isa/v582c686: Reinitialize ACPI PM device on reset 2021-04-01 12:19:52 -04:00
lm32
m68k
mem
microblaze hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
mips
misc hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
moxie
net hw/net: fsl_etsec: Tx padding length should exclude CRC 2021-03-31 11:10:50 +11:00
nios2
nubus
nvram
openrisc
pci virtio-pci: compat page aligned ATS 2021-04-06 07:11:36 -04:00
pci-bridge
pci-host
pcmcia
ppc hw/ppc/e500plat: Only try to add valid dynamic sysbus devices to platform bus 2021-04-06 11:49:14 +01:00
rdma
remote
riscv hw/riscv: microchip_pfsoc: Map EMMC/SD mux register 2021-03-22 21:54:40 -04:00
rtc
rx
s390x s390x: modularize virtio-gpu-ccw 2021-03-26 09:33:50 +01:00
scsi hw/scsi: remove 'scsi-disk' device 2021-03-18 09:22:55 +00:00
sd hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[] when a different block size is programmed 2021-03-22 16:56:22 +01:00
sh4
smbios
sparc hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
sparc64 hw/ide: remove 'ide-drive' device 2021-03-18 09:22:55 +00:00
ssi
timer hw/timer/renesas_tmr: Add default-case asserts in read_tcnt() 2021-03-30 14:05:34 +01:00
tpm
tricore
unicore32
usb hw/usb/hcd-ehci: Fix crash when showing help of EHCI devices 2021-03-26 11:10:49 +01:00
vfio
virtio virtio-pci: compat page aligned ATS 2021-04-06 07:11:36 -04:00
watchdog
xen
xenpv
xtensa
Kconfig
meson.build