ee760ac80a
Some tracepoints in megasas.c use a guest-controlled value as an index into the mfi_frame_desc[] array. Thus a malicious guest could cause an out-of-bounds error here. Fortunately, the impact is very low since this can only happen when the corresponding tracepoints have been enabled before, but the problem should be fixed anyway with a proper check. Buglink: https://bugs.launchpad.net/qemu/+bug/1882065 Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20200615072629.32321-1-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
|---|---|---|
| .. | ||
| emulation.c | ||
| esp-pci.c | ||
| esp.c | ||
| Kconfig | ||
| lsi53c895a.c | ||
| Makefile.objs | ||
| megasas.c | ||
| mfi.h | ||
| mpi.h | ||
| mptconfig.c | ||
| mptendian.c | ||
| mptsas.c | ||
| mptsas.h | ||
| scsi-bus.c | ||
| scsi-disk.c | ||
| scsi-generic.c | ||
| spapr_vscsi.c | ||
| srp.h | ||
| trace-events | ||
| vhost-scsi-common.c | ||
| vhost-scsi.c | ||
| vhost-user-scsi.c | ||
| viosrp.h | ||
| virtio-scsi-dataplane.c | ||
| virtio-scsi.c | ||
| vmw_pvscsi.c | ||
| vmw_pvscsi.h | ||