OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
qemu-e2k/hw
History
Michael S. Tsirkin caa881abe0 pxa2xx: avoid buffer overrun on incoming migration 
CVE-2013-4533

s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.

Fix this by validating rx_level against the size of s->rx_fifo.

Cc: Don Koch <dkoch@verizon.com>
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
..
9pfs
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
acpi
acpi: Assert sts array limit on AcpiCpuHotplug_add()
2014-03-18 16:08:43 +02:00
alpha
exec: Make stq_*_phys input an AddressSpace
2014-02-11 22:57:12 +10:00
arm
pxa2xx: avoid buffer overrun on incoming migration
2014-05-05 22:15:02 +02:00
audio
hda-audio: fix non-mixer codecs
2014-04-29 10:46:29 +02:00
block
block: Add errp to bdrv_new()
2014-04-22 12:00:20 +02:00
bt
Preparation for usb-bt-dongle conditional build
2013-09-10 11:14:41 +02:00
char
char/serial: Fix emptyness handling
2014-04-07 14:51:32 +01:00
core
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
cpu
icc_bus: QOM'ify ICC
2013-12-24 18:02:18 +01:00
cris
cris: Remove the CRIS PIC glue
2014-02-03 14:04:00 +00:00
display
vga: add secondary stdvga variant
2014-04-28 11:03:32 +02:00
dma
qom: Add check() argument to object_property_add_link()
2014-03-19 22:23:13 +01:00
gpio
max7310: QOM'ify
2014-02-14 16:22:32 +01:00
i2c
Fix grammar in comment
2014-04-18 10:33:36 +04:00
i386
misc: Use cpu_physical_memory_read and cpu_physical_memory_write
2014-04-27 13:04:18 +04:00
ide
ahci: fix buffer overrun on invalid state load
2014-05-05 22:15:02 +02:00
input
pckbd: return 'keyboard enabled' on read input port command
2014-03-09 21:09:38 +02:00
intc
target-arm queue:
2014-05-02 11:32:00 +01:00
ipack
ipack: Move IndustryPack out of hw/char/
2014-02-14 21:11:53 +01:00
isa
QOM infrastructure fixes and device conversions
2014-02-20 13:05:48 +00:00
lm32
hw/lm32: print error if cpu model is not found
2014-02-04 19:47:39 +01:00
m68k
an5206: Don't enforce use of kernel for qtest
2013-11-05 17:47:29 +01:00
microblaze
xilinx: Delete hw/include/xilinx.h
2014-02-26 14:54:45 +10:00
mips
i2c: Rename i2c_bus to I2CBus
2014-02-14 16:22:31 +01:00
misc
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
moxie
moxie: fix load_elf() usage
2014-03-05 03:06:46 +01:00
net
virtio-net: out-of-bounds buffer write on invalid state load
2014-05-05 14:15:10 +02:00
nvram
vl.c: Extend get_boot_devices_list() to ignore suffixes
2014-03-20 02:40:07 +01:00
openrisc
openrisc-timer: Reduce overhead, Separate clock update functions
2013-11-20 21:46:45 +08:00
pci
hw/pci/pcie_aer.c: fix buffer overruns on invalid state load
2014-05-05 22:15:02 +02:00
pci-bridge
pci/shpc: convert SHPC hotplug to use hotplug-handler API
2014-02-10 10:27:00 +02:00
pci-host
hw/pci-host/prep: Don't reverse IO accesses on bigendian hosts
2014-04-08 18:37:45 +01:00
pcmcia
qom: Add check() argument to object_property_add_link()
2014-03-19 22:23:13 +01:00
ppc
ppce500_spin: Initialize struct properly
2014-04-08 11:20:05 +02:00
s390x
qom: Add check() argument to object_property_add_link()
2014-03-19 22:23:13 +01:00
scsi
scsi-bus: remove bogus assertion
2014-04-02 13:24:23 +02:00
sd
ssi: Convert legacy SSI_SLAVE -> DEVICE casts
2014-03-12 20:13:02 +01:00
sh4
cputlb: Change tlb_flush() argument to CPUState
2014-03-13 19:52:47 +01:00
sparc
sun4m: Add Sun CG3 framebuffer initialisation function
2014-02-27 10:01:41 +00:00
sparc64
pc,pci,virtio fixes and cleanups
2013-09-03 12:31:07 -05:00
ssi
pl022: fix buffer overun on invalid state load
2014-05-05 22:15:02 +02:00
timer
hpet: fix buffer overrun on invalid state load
2014-05-05 22:15:02 +02:00
tpm
aio / timers: Untangle include files
2013-08-22 19:10:27 +02:00
unicore32
console: add head to index to qemu consoles.
2014-03-05 09:52:04 +01:00
usb
usb: mtp filesharing
2014-04-23 10:28:14 +02:00
virtio
virtio: validate num_sg when mapping
2014-05-05 22:15:02 +02:00
watchdog
qemu-option: Remove qemu_opts_create_nofail
2014-01-06 15:02:30 -05:00
xen
Call pci_piix3_xen_ide_unplug from unplug_disks
2014-02-20 17:28:08 +00:00
xtensa
hw/xtensa: add support for ML605 and KC705 FPGA board
2014-02-24 04:47:01 +04:00
Makefile.objs
hw/9pfs: Include virtio-9p-device.o in build
2014-03-04 09:20:49 +05:30