Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
xen.4507
CVE-2016-5105-qemuu-scsi-megasas-stack-informat...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-5105-qemuu-scsi-megasas-stack-information-leakage-while-reading-configuration.patch of Package xen.4507
References: bsc#982024 CVE-2016-5105 When reading MegaRAID SAS controller configuration via MegaRAID Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read uses an uninitialised local data buffer. Initialise this buffer to avoid stack information leakage. Reported-by: Li Qiang <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/scsi/megasas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Update as per -> https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04402.html Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/megasas.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c @@ -1190,7 +1190,7 @@ static int megasas_dcmd_ld_get_info(Mega static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd) { - uint8_t data[4096]; + uint8_t data[4096] = { 0 }; struct mfi_config_data *info; int num_pd_disks = 0, array_offset, ld_offset; BusChild *kid;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor