Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.5854
CVE-2016-5337-qemuu-scsi-megasas-information-le...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-5337-qemuu-scsi-megasas-information-leakage-in-megasas_ctrl_get_info.patch of Package xen.5854
References: bsc#83973 CVE-2016-5337 While reading information via 'megasas_ctrl_get_info' routine, a local bios version buffer isn't null terminated. Add the terminating null byte to avoid any OOB access. Reported-by: Li Qiang <address@hidden> Reviewed-by: Peter Maydell <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> Signed-off-by: Paolo Bonzini <address@hidden> --- hw/scsi/megasas.c | 1 + 1 file changed, 1 insertion(+) Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/megasas.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c @@ -723,6 +723,7 @@ static int megasas_ctrl_get_info(Megasas ptr = memory_region_get_ram_ptr(&pci_dev->rom); memcpy(biosver, ptr + 0x41, 31); + biosver[31] = 0; memcpy(info.image_component[1].name, "BIOS", 4); memcpy(info.image_component[1].version, biosver, strlen((const char *)biosver));
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor