Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
qemu-linux-user.7445
0274-net-vmxnet3-check-for-device_active.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0274-net-vmxnet3-check-for-device_active.patch of Package qemu-linux-user.7445
From 038d09a7f6087d18f177ea64fb9f5fe629994a23 Mon Sep 17 00:00:00 2001 From: Li Qiang <liqiang6-s@360.cn> Date: Mon, 8 Aug 2016 18:08:31 +0530 Subject: [PATCH] net: vmxnet3: check for device_active before write Vmxnet3 device emulator does not check if the device is active, before using it for write. It leads to a use after free issue, if the vmxnet3_io_bar0_write routine is called after the device is deactivated. Add check to avoid it. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Acked-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com> (cherry picked from commit 6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8) [BR: CVE-2016-6888 BSC#994771] Signed-off-by: Bruce Rogers <brogers@suse.com> --- hw/net/vmxnet3.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index 889cda4d34..76ba1eeec7 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -1070,6 +1070,10 @@ vmxnet3_io_bar0_write(void *opaque, hwaddr addr, { VMXNET3State *s = opaque; + if (!s->device_active) { + return; + } + if (VMW_IS_MULTIREG_ADDR(addr, VMXNET3_REG_TXPROD, VMXNET3_DEVICE_MAX_TX_QUEUES, VMXNET3_REG_ALIGN)) { int tx_queue_idx =
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor