OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
d4862a87e3
qemu-e2k/hw
History
Petr Matousek d4862a87e3 i8254: fix out-of-bounds memory access in pit_ioport_read() 
Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.

Fix this by ignoring read from the Mode/Command register.

This is CVE-2015-3214.

Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17 16:03:47 +02:00
..
9pfs virtio-9p-device: move qdev properties into virtio-9p-device.c 2015-06-10 18:15:34 +02:00
acpi migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
alpha
arm hw/arm/virt-acpi-build: Add SPCR table 2015-06-15 18:06:11 +01:00
audio
block migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
bt
char migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
core nmi: Implement inject_nmi() for non-monitor context use 2015-06-11 17:45:50 +02:00
cpu
cris
display virtio-gpu: pci support bits and virtio-vga. 2015-06-16 10:35:43 +01:00
dma dma/rc4030: convert to QOM 2015-06-11 10:13:29 +01:00
gpio
i2c
i386 Disable section footers on older machine types 2015-06-12 06:54:01 +02:00
ide migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
input migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
intc arm_gic: gic_update should always update all cores 2015-06-15 18:06:07 +01:00
ipack
isa virtio-gpu: pci support bits and virtio-vga. 2015-06-16 10:35:43 +01:00
lm32
m68k
mem
microblaze
mips net/dp8393x: add PROM to store MAC address 2015-06-11 10:13:30 +01:00
misc
moxie
net -----BEGIN PGP SIGNATURE----- 2015-06-12 15:39:05 +01:00
nvram fw_cfg: prohibit insertion of duplicate fw_cfg file names 2015-06-10 08:00:37 +02:00
openrisc
pci virtio-vga: add '-vga virtio' support 2015-06-12 10:13:23 +02:00
pci-bridge
pci-host migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
pcmcia
ppc fw_cfg: fix FW_CFG_BOOT_DEVICE update on ppc and sparc 2015-06-10 08:00:37 +02:00
s390x pc, acpi, virtio 2015-06-11 15:33:38 +01:00
scsi migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
sd hw/sd/pxa2xx_mmci: Stop using old_mmio in MemoryRegionOps 2015-06-15 18:06:09 +01:00
sh4 sh4/r2d: convert to new MMIO accessor style 2015-06-12 12:02:48 +02:00
sparc fw_cfg: fix FW_CFG_BOOT_DEVICE update on ppc and sparc 2015-06-10 08:00:37 +02:00
sparc64 fw_cfg: fix FW_CFG_BOOT_DEVICE update on ppc and sparc 2015-06-10 08:00:37 +02:00
ssi
timer i8254: fix out-of-bounds memory access in pit_ioport_read() 2015-06-17 16:03:47 +02:00
tpm
tricore
unicore32
usb migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
vfio hw/vfio/platform: replace g_malloc0_n by g_new0 2015-06-11 14:22:57 +01:00
virtio virtio-gpu: pci support bits and virtio-vga. 2015-06-16 10:35:43 +01:00
watchdog watchdog: Add new Virtual Watchdog action INJECT-NMI 2015-06-11 17:45:50 +02:00
xen xen_backend: Remove unused error handling of qemu_set_fd_handler 2015-06-12 13:26:21 +01:00
xenpv
xtensa
Makefile.objs