Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
xen.10697
CVE-2016-2841-qemuu-ne2000-infinite-loop-in-ne2...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-2841-qemuu-ne2000-infinite-loop-in-ne2000_receive.patch of Package xen.10697
References: bsc#969351 CVE-2016-2841 From: Prasad J Pandit <address@hidden> Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process network packets. Registers PSTART & PSTOP define ring buffer size & location. Setting these registers to invalid values could lead to infinite loop or OOB r/w access issues. Add check to avoid it. Reported-by: Yang Hongke <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/net/ne2000.c | 4 ++++ 1 file changed, 4 insertions(+) Update per review: -> https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg05522.html Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/net/ne2000.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/net/ne2000.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/net/ne2000.c @@ -154,6 +154,10 @@ static int ne2000_buffer_full(NE2000Stat { int avail, index, boundary; + if (s->stop <= s->start) { + return 1; + } + index = s->curpag << 8; boundary = s->boundary << 8; if (index < boundary)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor