qemu-e2k/hw
Petr Matousek e907746266 fdc: force the fifo access to be in bounds of the allocated buffer

During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.

Fix this by making sure that the index is always bounded by the
allocated memory.

This is CVE-2015-3456.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2015-05-12 18:52:57 -04:00
..
9pfs
acpi pc, virtio enhancements 2015-05-11 16:25:33 +01:00
alpha
arm hw/arm/highbank.c: Wire FIQ between CPU <> GIC 2015-05-12 11:57:19 +01:00
audio
block fdc: force the fifo access to be in bounds of the allocated buffer 2015-05-12 18:52:57 -04:00
bt
char
core pc, virtio enhancements 2015-05-11 16:25:33 +01:00
cpu
cris
display
dma
gpio
i2c
i386 pc, virtio enhancements 2015-05-11 16:25:33 +01:00
ide
input
intc hw/intc/arm_gic: Add grouping support to gic_update() 2015-05-12 11:57:18 +01:00
ipack
isa
lm32
m68k
mem
microblaze microblaze: fix memory leak 2015-04-30 16:06:18 +03:00
mips
misc
moxie
net -----BEGIN PGP SIGNATURE----- 2015-05-12 10:40:31 +01:00
nvram
openrisc
pci pc, virtio enhancements 2015-05-11 16:25:33 +01:00
pci-bridge
pci-host
pcmcia
ppc pc, virtio enhancements 2015-05-11 16:25:33 +01:00
s390x pc, virtio enhancements 2015-05-11 16:25:33 +01:00
scsi pc, virtio enhancements 2015-05-11 16:25:33 +01:00
sd hw/sd: Don't pass BlockBackend to sd_reset() 2015-05-12 11:57:16 +01:00
sh4
sparc
sparc64
ssi
timer
tpm
tricore
unicore32
usb trivial patches for 2015-05-09 2015-05-11 13:54:00 +01:00
vfio exec: move rcu_read_lock/unlock to address_space_translate callers 2015-04-30 16:55:32 +02:00
virtio pc, virtio enhancements 2015-05-11 16:25:33 +01:00
watchdog
xen
xenpv
xtensa
Makefile.objs