Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
xen.10697
CVE-2017-8112-qemuu-scsi-vmw_pvscsi-infinite-lo...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-8112-qemuu-scsi-vmw_pvscsi-infinite-loop-in-pvscsi_log2.patch of Package xen.10697
References: bsc#1036470 CVE-2017-8112 Vmware Paravirtual SCSI emulation uses command descriptors to process SCSI commands. These come with their message ring buffers. A guest could set the message ring page count to an arbitrary value resulting in infinite loop. Add check to avoid it. Reported-by: YY Z <address@hidden> Signed-off-by: P J P <address@hidden> --- hw/scsi/vmw_pvscsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/vmw_pvscsi.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/vmw_pvscsi.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/vmw_pvscsi.c @@ -178,7 +178,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, uint32_t len_log2; uint32_t ring_size; - if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { + if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { return -1; } ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor