Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
xen.3679
CVE-2016-6836-qemuu-net-vmxnet3-information-lea...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-6836-qemuu-net-vmxnet3-information-leakage-in-vmxnet3_complete_packet.patch of Package xen.3679
References: bsc#994761 CVE-2016-6836 In Vmxnet3 device emulator while processing transmit(tx) queue, when it reaches end of packet, it calls vmxnet3_complete_packet. In that local 'txcq_descr' object is not initialised, which could leak host memory bytes a guest. Reported-by: Li Qiang <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/net/vmxnet3.c | 1 + 1 file changed, 1 insertion(+) Index: xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/net/vmxnet3.c =================================================================== --- xen-4.5.3-testing.orig/tools/qemu-xen-dir-remote/hw/net/vmxnet3.c +++ xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/net/vmxnet3.c @@ -498,6 +498,7 @@ static void vmxnet3_complete_packet(VMXN VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring); + memset(&txcq_descr, 0, sizeof(txcq_descr)); txcq_descr.txdIdx = tx_ridx; txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor