OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
qemu-e2k/hw
History
Gerd Hoffmann fd3c136b3e vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). 
Call vbe_update_vgaregs() when the guest touches GFX, SEQ or CRT
registers, to make sure the vga registers will always have the
values needed by vbe mode.  This makes sure the sanity checks
applied by vbe_fixup_regs() are effective.

Without this guests can muck with shift_control, can turn on planar
vga modes or text mode emulation while VBE is active, making qemu
take code paths meant for CGA compatibility, but with the very
large display widths and heigts settable using VBE registers.

Which is good for one or another buffer overflow.  Not that
critical as they typically read overflows happening somewhere
in the display code.  So guests can DoS by crashing qemu with a
segfault, but it is probably not possible to break out of the VM.

Fixes: CVE-2016-3712
Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
Reported-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
 		2016-05-02 16:02:59 +02:00
..
9pfs util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
acpi acpi: fix bios linker loadder COMMAND_ALLOCATE on bigendian host 2016-05-01 15:42:13 +03:00
alpha util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
arm hw/arm/boot: always clear r0 when booting kernels 2016-04-21 12:10:17 +01:00
audio Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND 2016-03-22 22:20:17 +01:00
block Fix pflash migration 2016-04-15 17:27:34 +02:00
bt util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
char cadence_uart: bounds check write offset 2016-04-19 11:13:59 +01:00
core Sort the fw_cfg file list 2016-04-07 19:57:33 +03:00
cpu include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
cris util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
display vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). 2016-05-02 16:02:59 +02:00
dma Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND 2016-03-22 22:20:17 +01:00
gpio hw/gpio: Add the emulation of gpio_key 2016-03-30 17:27:22 +01:00
i2c i.MX: Add missing descriptions in devices. 2016-03-16 17:42:18 +00:00
i386 tpm: acpi: remove IRQ from TPM's CRS to make Windows not see conflict 2016-04-13 19:52:34 +03:00
ide ide: really restart pending and in-flight atapi dma 2016-04-12 18:48:15 -04:00
input virtio-input: support absolute axis config in pass-through 2016-04-13 17:26:12 +02:00
intc Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND 2016-03-22 22:20:17 +01:00
ipack include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
ipmi include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
isa hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
lm32 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
m68k hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
mem include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
microblaze util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
mips hw/mips/cps: enable ITU for multithreading processors 2016-03-30 09:14:00 +01:00
misc cuda: fix off-by-one error in SET_TIME command 2016-04-19 11:39:23 +10:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net net: stellaris_enet: check packet length against receive buffer 2016-04-11 14:22:33 +01:00
nvram Sort the fw_cfg file list 2016-04-07 19:57:33 +03:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
pci-bridge hw/pci-bridge: Add missing unref in case register-bus fails 2016-04-07 19:57:33 +03:00
pci-host include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc spapr_drc: fix aborts during DRC-count based hotplug 2016-04-26 11:16:08 +10:00
s390x hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
scsi virtio: merge virtio_queue_aio_set_host_notifier_handler with virtio_queue_set_aio 2016-04-07 19:57:33 +03:00
sd Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND 2016-03-22 22:20:17 +01:00
sh4 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
smbios include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
sparc util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
sparc64 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
ssi hw: Clean up includes 2016-01-29 15:07:25 +00:00
timer hw/timer: Revert "hpet: inverse polarity when pin above ISA_NUM_IRQS" 2016-04-08 00:07:43 +02:00
tpm tpm: Fix write to file descriptor function 2016-04-13 19:52:34 +03:00
tricore hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
unicore32 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
usb usb/uhci: move pid check 2016-04-25 12:05:05 +01:00
vfio VFIO updates 2016-03-28 2016-03-29 17:39:41 +01:00
virtio virtio: Mark host notifiers as external 2016-04-22 16:43:58 +02:00
watchdog util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
xen util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
xenpv xen: Clean up includes 2016-01-29 15:07:23 +00:00
xtensa hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
Makefile.objs Add a base IPMI interface 2015-12-22 18:39:19 +02:00