SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
FRET-qemu/hw
History
Prasad J Pandit b8d7f1bc59 ide: atapi: check logical block address and read size (CVE-2020-29443) 
While processing ATAPI cmd_read/cmd_read_cd commands,
Logical Block Address (LBA) maybe invalid OR closer to the last block,
leading to an OOB access issues. Add range check to avoid it.

Fixes: CVE-2020-29443
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20210118115130.457044-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-23 09:26:40 -05:00
..
9pfs
9pfs: Fully restart unreclaim loop (CVE-2021-20181)
2021-01-15 08:44:28 +01:00
acpi
acpi: Add addr offset in build_crs
2021-01-17 06:42:54 -05:00
adc
hw/adc: Add an ADC module for NPCM7XX
2021-01-12 21:19:02 +00:00
alpha
vl: extract softmmu/datadir.c
2020-12-10 12:15:18 -05:00
arm
hw/*: Use type casting for SysBusDevice in NPCM7XX
2021-01-12 21:19:02 +00:00
audio
audio/via-ac97: Simplify code and set user_creatable to false
2021-01-04 23:24:44 +01:00
avr
vl: extract softmmu/datadir.c
2020-12-10 12:15:18 -05:00
block
nbd patches for 2021-01-20
2021-01-21 10:44:28 +00:00
char
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
core
clock: Define and use new clock_display_freq()
2021-01-04 23:24:44 +01:00
cpu
cpu/core: Register core-id and nr-threads as class properties
2020-09-22 16:48:29 -04:00
cris
cris: do not use ram_size global
2020-12-10 12:15:07 -05:00
display
migration: Replace migration's JSON writer by the general one
2020-12-19 10:39:16 +01:00
dma
hw/dma/xilinx_axidma: Rename StreamSlave as StreamSink
2020-12-10 12:15:04 -05:00
gpio
nomaintainer: Fix Lesser GPL version number
2020-11-15 17:04:40 +01:00
hppa
hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h'
2021-01-04 23:24:44 +01:00
hyperv
qdev: Move softmmu properties to qdev-properties-system.h
2020-12-18 15:20:17 -05:00
i2c
nomaintainer: Fix Lesser GPL version number
2020-11-15 17:04:40 +01:00
i386
acpi: Add addr offset in build_crs
2021-01-17 06:42:54 -05:00
ide
ide: atapi: check logical block address and read size (CVE-2020-29443)
2021-01-23 09:26:40 -05:00
input
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
intc
hw/intc/ppc-uic: Make default dcr-base 0xc0, not 0x30
2021-01-19 10:20:29 +11:00
ipack
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
ipmi
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
isa
vt82c686: Rename superio config related parts
2021-01-04 23:24:44 +01:00
lm32
vl: extract softmmu/datadir.c
2020-12-10 12:15:18 -05:00
m68k
hw/m68k/next-cube: Add vmstate for NeXTPC device
2021-01-19 09:11:52 +01:00
mem
hw/*: Use type casting for SysBusDevice in NPCM7XX
2021-01-12 21:19:02 +00:00
microblaze
vl: make qemu_get_machine_opts static
2020-12-15 12:51:55 -05:00
mips
docs/system: Remove deprecated 'fulong2e' machine alias
2021-01-14 17:13:54 +01:00
misc
Trivial patches 20210118
2021-01-18 15:19:06 +00:00
moxie
moxie: do not use ram_size global
2020-12-10 12:15:08 -05:00
net
hw/net/lan9118: Add symbolic constants for register offsets
2021-01-12 21:19:02 +00:00
nios2
* New -action option and set-action QMP command (Alejandro)
2020-12-15 21:24:31 +00:00
nubus
meson: convert hw/nubus
2020-08-21 06:30:25 -04:00
nvram
hw/*: Use type casting for SysBusDevice in NPCM7XX
2021-01-12 21:19:02 +00:00
openrisc
target/openrisc: Move pic_cpu code into CPU object proper
2020-12-15 12:04:30 +00:00
pci
pci/shpc: don't push attention button when ejecting powered-off device
2021-01-13 09:06:37 -05:00
pci-bridge
Kconfig: Compile PXB for ARM_VIRT
2021-01-17 06:42:54 -05:00
pci-host
acpi/gpex: Exclude pxb's resources from PCI0
2021-01-17 06:42:54 -05:00
pcmcia
pxa2xx: Move QOM macros to header
2020-08-27 14:04:55 -04:00
ppc
spapr_cpu_core.c: use g_auto* in spapr_create_vcpu()
2021-01-19 10:20:29 +11:00
rdma
Machine queue, 2020-12-23
2021-01-01 22:57:15 +00:00
riscv
riscv: Pass RISCVHartArrayState by pointer
2021-01-16 14:34:46 -08:00
rtc
pl031: Use timer_free() in the finalize function to avoid memleaks
2021-01-18 11:51:26 +01:00
rx
rx: move BIOS load from MCU to board
2020-12-10 12:15:06 -05:00
s390x
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
scsi
block: Honor blk_set_aio_context() context requirements
2021-01-20 14:48:08 -06:00
sd
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
semihosting
semihosting: Implement SYS_ISERROR
2021-01-18 10:05:06 +00:00
sh4
hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h'
2021-01-04 23:24:44 +01:00
smbios
i386: do not use ram_size global
2020-12-10 12:15:08 -05:00
sparc
sun4m: don't connect two qemu_irqs directly to the same input
2021-01-06 11:41:37 +00:00
sparc64
vl: extract softmmu/datadir.c
2020-12-10 12:15:18 -05:00
ssi
hw/*: Use type casting for SysBusDevice in NPCM7XX
2021-01-12 21:19:02 +00:00
timer
hw/timer: Refactor NPCM7XX Timer to use CLK clock
2021-01-12 21:19:02 +00:00
tpm
qdev: Move qdev_prop_tpm declaration to tpm_prop.h
2020-12-18 15:20:17 -05:00
tricore
tricore tcg cpus: Fix Lesser GPL version number
2020-11-15 16:40:30 +01:00
unicore32
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
usb
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
vfio
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
virtio
hw/virtio-pci: Replace error_report() by qemu_log_mask(GUEST_ERROR)
2021-01-18 11:51:26 +01:00
watchdog
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
xen
qdev: Move softmmu properties to qdev-properties-system.h
2020-12-18 15:20:17 -05:00
xenpv
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
xtensa
vl: make qemu_get_machine_opts static
2020-12-15 12:51:55 -05:00
Kconfig
hw/net/can: Introduce Xilinx ZynqMP CAN controller
2020-12-10 11:30:44 +00:00
meson.build
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00