diff options
author | Khem Raj <raj.khem@gmail.com> | 2023-08-27 09:38:09 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-08-30 09:56:10 +0100 |
commit | 5b68ec70ecc9779146789cc635d8ab60928e9233 (patch) | |
tree | 4de0aa4961377b6d9a037c34eb7bdc5a4c8c30b6 /meta/recipes-devtools/qemu | |
parent | 5bbcf129b83d2b78cae7ecb1fe19bab72e54b3f7 (diff) | |
download | openembedded-core-5b68ec70ecc9779146789cc635d8ab60928e9233.tar.gz |
qemu: Fix CVE-2023-40360
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/0001-CVE-2023-40360-hw-nvme-fix-null-pointer-access-in-di.patch | 39 |
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 82a7b361b1..b98169c243 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -28,6 +28,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \ file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \ file://0001-tracetool-use-relative-paths-for-line-preprocessor-d.patch \ + file://0001-CVE-2023-40360-hw-nvme-fix-null-pointer-access-in-di.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ " diff --git a/meta/recipes-devtools/qemu/qemu/0001-CVE-2023-40360-hw-nvme-fix-null-pointer-access-in-di.patch b/meta/recipes-devtools/qemu/qemu/0001-CVE-2023-40360-hw-nvme-fix-null-pointer-access-in-di.patch new file mode 100644 index 0000000000..731b0281f4 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0001-CVE-2023-40360-hw-nvme-fix-null-pointer-access-in-di.patch @@ -0,0 +1,39 @@ +From 83dd3da9fac872fac9739b9dcb96232c93675824 Mon Sep 17 00:00:00 2001 +From: Klaus Jensen <k.jensen@samsung.com> +Date: Tue, 8 Aug 2023 17:16:13 +0200 +Subject: [PATCH] CVE-2023-40360 hw/nvme: fix null pointer access in directive + receive + +nvme_directive_receive() does not check if an endurance group has been +configured (set) prior to testing if flexible data placement is enabled +or not. + +Fix this. + +CVE: CVE-2023-40360 +Upstream-Status: Backport [https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98] +Cc: qemu-stable@nongnu.org +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1815 +Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") +Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> +Signed-off-by: Klaus Jensen <k.jensen@samsung.com> +--- + hw/nvme/ctrl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c +index 2097fb131..36a2846c3 100644 +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -6862,7 +6862,7 @@ static uint16_t nvme_directive_receive(NvmeCtrl *n, NvmeRequest *req) + case NVME_DIRECTIVE_IDENTIFY: + switch (doper) { + case NVME_DIRECTIVE_RETURN_PARAMS: +- if (ns->endgrp->fdp.enabled) { ++ if (ns->endgrp && ns->endgrp->fdp.enabled) { + id.supported |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; + id.enabled |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; + id.persistent |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; +-- +2.42.0 + |