qemu-e2k/hw/timer
Petr Matousek d4862a87e3 i8254: fix out-of-bounds memory access in pit_ioport_read()
Due to converting PIO to the new memory read/write api we no longer provide
separate I/O region lengths for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.

Fix this by ignoring read from the Mode/Command register.

This is CVE-2015-3214.

Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17 16:03:47 +02:00
..
a9gtimer.c Fix remaining warnings from Sparse (void return) 2015-03-19 11:11:55 +03:00
allwinner-a10-pit.c
arm_mptimer.c vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR* 2015-01-26 12:22:44 +01:00
arm_timer.c hw/timer/arm_timer.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
cadence_ttc.c timer: cadence_ttc: Convert to instance_init 2014-06-29 18:38:40 +01:00
digic-timer.c
ds1338.c
etraxfs_timer.c
exynos4210_mct.c
exynos4210_pwm.c
exynos4210_rtc.c
grlib_gptimer.c
hpet.c migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
i8254_common.c savevm: Remove all the unneeded version_minimum_id_old (x86) 2014-06-16 04:55:26 +02:00
i8254.c i8254: fix out-of-bounds memory access in pit_ioport_read() 2015-06-17 16:03:47 +02:00
imx_epit.c hw/timer/imx_*: fix TIMER_MAX clash with system symbol 2014-08-09 00:06:32 +04:00
imx_gpt.c hw/timer/imx_*: fix TIMER_MAX clash with system symbol 2014-08-09 00:06:32 +04:00
lm32_timer.c
m48t59.c m48t59: add m48t59 sysbus device 2015-03-10 09:18:56 +00:00
Makefile.objs stm32f2xx_timer: Add the stm32f2xx Timer 2015-03-11 13:21:05 +00:00
mc146818rtc.c migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
milkymist-sysctl.c
omap_gptimer.c omap: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
omap_synctimer.c
pl031.c
puv3_ost.c
pxa2xx_timer.c
sh_timer.c
slavio_timer.c
stm32f2xx_timer.c stm32f2xx_timer: Add the stm32f2xx Timer 2015-03-11 13:21:05 +00:00
tusb6010.c hw/timer: Move extern declaration from .c to .h file 2014-08-09 00:06:32 +04:00
twl92230.c
xilinx_timer.c