Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-12-SP2:GA
xen.5015
CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch of Package xen.5015
References: bsc#1003032 CVE-2016-7909 The AMD PC-Net II emulator has set of control and status(CSR) registers. Of these, CSR76 and CSR78 hold receive and transmit descriptor ring length respectively. This ring length could range from 1 to 65535. Setting ring length to zero leads to an infinite loop in pcnet_rdra_addr. Add check to avoid it. Reported-by: Li Qiang <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/net/pcnet.c | 3 +++ 1 file changed, 3 insertions(+) Index: xen-4.4.4-testing/tools/qemu-xen-traditional-dir-remote/hw/pcnet.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/pcnet.c +++ xen-4.4.4-testing/tools/qemu-xen-traditional-dir-remote/hw/pcnet.c @@ -1476,8 +1476,11 @@ static void pcnet_csr_writew(PCNetState case 47: /* POLLINT */ case 72: case 74: + break; case 76: /* RCVRL */ case 78: /* XMTRL */ + val = (val > 0) ? val : 512; + break; case 112: if (CSR_STOP(s) || CSR_SPND(s)) break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor