Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-12:Update
xen
CVE-2013-4527-qemuu-hpet-buffer-overrun-on-inva...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2013-4527-qemuu-hpet-buffer-overrun-on-invalid-state-load.patch of Package xen
References: bsc#964746 CVE-2013-4527 Subject: hpet: fix buffer overrun on invalid state load From: Michael S. Tsirkin mst@redhat.com Thu Apr 3 19:51:23 2014 +0300 Date: Mon May 5 22:15:02 2014 +0200: Git: 3f1c49e2136fa08ab1ef3183fd55def308829584 CVE-2013-4527 hw/timer/hpet.c buffer overrun hpet is a VARRAY with a uint8 size but static array of 32 To fix, make sure num_timers is valid using VMSTATE_VALID hook. Reported-by: Anthony Liguori <anthony@codemonkey.ws> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com> Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/timer/hpet.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/timer/hpet.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/timer/hpet.c @@ -311,6 +311,7 @@ static const VMStateDescription vmstate_ VMSTATE_UINT64(isr, HPETState), VMSTATE_UINT64(hpet_counter, HPETState), VMSTATE_UINT8_V(num_timers, HPETState, 2), + VMSTATE_VALIDATE("num_timers in range", hpet_validate_num_timers), VMSTATE_STRUCT_VARRAY_UINT8(timer, HPETState, num_timers, 0, vmstate_hpet_timer, HPETTimer), VMSTATE_END_OF_LIST()
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor