Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP6
qemu.28166
hw-pvrdma-Protect-against-buggy-or-malic.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hw-pvrdma-Protect-against-buggy-or-malic.patch of Package qemu.28166
From: Yuval Shaia <yuval.shaia.ml@gmail.com> Date: Sun, 3 Apr 2022 12:52:34 +0300 Subject: hw/pvrdma: Protect against buggy or malicious guest driver Git-commit: 31c4b6fb0293e359f9ef8a61892667e76eea4c99 References: bsc#1197653, CVE-2022-1050 Guest driver might execute HW commands when shared buffers are not yet allocated. This could happen on purpose (malicious guest) or because of some other guest/host address mapping error. We need to protect againts such case. Fixes: CVE-2022-1050 Reported-by: Raven <wxhusst@gmail.com> Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Message-Id: <20220403095234.2210-1-yuval.shaia.ml@gmail.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Dario Faggioli <dfaggioli@suse.com> --- hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c index 1df0b256fa88e092767e18c471cb..1e23b34410fdbee4d466eac546c3 100644 --- a/hw/rdma/vmw/pvrdma_cmd.c +++ b/hw/rdma/vmw/pvrdma_cmd.c @@ -796,6 +796,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev) dsr_info = &dev->dsr_info; + if (!dsr_info->dsr) { + /* Buggy or malicious guest driver */ + rdma_error_report("Exec command without dsr, req or rsp buffers"); + goto out; + } + if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) / sizeof(struct cmd_handler)) { rdma_error_report("Unsupported command");
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor