alwin.berger/FRET-qemu
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
FRET-qemu/hw/usb
History
Gerd Hoffmann 23ba9f170f uas: add stream number sanity checks. 
The device uses the guest-supplied stream number unchecked, which can
lead to guest-triggered out-of-band access to the UASDevice->data3 and
UASDevice->status3 fields.  Add the missing checks.

Fixes: CVE-2021-3713
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reported-by: Chen Zhe <chenzhe@huawei.com>
Reported-by: Tan Jingguo <tanjingguo@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210818120505.1258262-2-kraxel@redhat.com>
(cherry picked from commit 13b250b12ad3c59114a6a17d59caf073ce45b33a)
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-12-14 08:56:53 -06:00
..
bus.c
usb: remove support for -usbdevice parameters
2021-03-15 17:00:58 +01:00
ccid-card-emulated.c
modules: add ccid module annotations
2021-07-09 18:20:27 +02:00
ccid-card-passthru.c
modules: add ccid module annotations
2021-07-09 18:20:27 +02:00
ccid.h
Use OBJECT_DECLARE_TYPE when possible
2020-09-18 14:12:32 -04:00
chipidea.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
combined-packet.c
usb: limit combined packets to 1 MiB (CVE-2021-3527)
2021-05-05 15:06:01 +02:00
core.c
usb: add pcap support.
2021-01-22 14:51:35 +01:00
desc-msos.c
misc: Fix "havn't" typo
2021-07-09 18:42:46 +02:00
desc.c
usb: use local path for local headers
2018-06-01 19:20:38 +03:00
desc.h
all: Clean up includes
2016-02-23 12:43:05 +00:00
dev-audio.c
usb: Un-deprecate -usbdevice (except for -usbdevice audio which gets removed)
2021-03-15 17:00:58 +01:00
dev-hid.c
usb/hid: avoid dynamic stack allocation
2021-05-04 08:38:23 +02:00
dev-hub.c
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
dev-mtp.c
usb/dev-mtp: use GDateTime for formatting timestamp for objects
2021-06-14 13:28:50 +01:00
dev-network.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
dev-serial.c
usb: remove support for -usbdevice parameters
2021-03-15 17:00:58 +01:00
dev-smartcard-reader.c
hw/usb: Constify VMStateDescription
2021-05-02 17:24:50 +02:00
dev-storage-bot.c
usb: drop usb_host_dev_is_scsi_storage hook
2021-07-09 18:21:33 +02:00
dev-storage-classic.c
usb: drop usb_host_dev_is_scsi_storage hook
2021-07-09 18:21:33 +02:00
dev-storage.c
usb/storage: clear csw on reset
2021-03-15 17:01:17 +01:00
dev-uas.c
uas: add stream number sanity checks.
2021-12-14 08:56:53 -06:00
dev-wacom.c
usb/hid: avoid dynamic stack allocation
2021-05-04 08:38:23 +02:00
hcd-dwc2.c
hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
2020-10-19 09:17:21 +02:00
hcd-dwc2.h
Use OBJECT_DECLARE_TYPE when possible
2020-09-18 14:12:32 -04:00
hcd-dwc3.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
hcd-ehci-pci.c
qdev: Unrealize must not fail
2020-05-15 07:08:14 +02:00
hcd-ehci-sysbus.c
hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize()
2021-03-26 09:14:48 +01:00
hcd-ehci.c
hw/usb/hcd-ehci: Fix crash when showing help of EHCI devices
2021-03-26 11:10:49 +01:00
hcd-ehci.h
hw/arm/npcm7xx: Add EHCI and OHCI controllers
2020-10-27 11:10:21 +00:00
hcd-musb.c
exec/cpu-common: Move MUSB specific typedefs to 'hw/usb/hcd-musb.h'
2020-06-12 11:20:15 -04:00
hcd-ohci-pci.c
Remove superfluous timer_del() calls
2021-01-08 15:13:38 +00:00
hcd-ohci.c
Various spelling fixes
2021-03-09 21:19:10 +01:00
hcd-ohci.h
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
hcd-uhci.c
hw/usb: Extract VT82C686 UHCI PCI function into a new unit
2021-03-15 17:00:59 +01:00
hcd-uhci.h
hw/usb/hcd-uhci: Expose generic prototypes to local header
2021-03-15 17:00:59 +01:00
hcd-xhci-nec.c
usb: Fix Lesser GPL version number
2020-11-15 16:40:48 +01:00
hcd-xhci-pci.c
hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X
2021-05-28 09:10:20 +02:00
hcd-xhci-pci.h
usb: Fix Lesser GPL version number
2020-11-15 16:40:48 +01:00
hcd-xhci-sysbus.c
hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X
2021-05-28 09:10:20 +02:00
hcd-xhci-sysbus.h
usb/xhci: add include/hw/usb/xhci.h header file
2020-10-21 11:36:19 +02:00
hcd-xhci.c
hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X
2021-05-28 09:10:20 +02:00
hcd-xhci.h
hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X
2021-05-28 09:10:20 +02:00
host-libusb.c
usb-host: wire up timer for windows
2021-07-29 11:18:24 +02:00
host.h
usb-host: move legacy cmd line bits
2013-02-19 12:30:05 +01:00
imx-usb-phy.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
Kconfig
usb/storage: add kconfig symbols
2021-03-15 17:01:12 +01:00
libhw.c
Include hw/hw.h exactly where needed
2019-08-16 13:31:52 +02:00
meson.build
usb: fix usb-host dependency check
2021-07-22 14:44:47 +02:00
pcap.c
usb/pcap: set flag_setup
2021-02-17 14:29:12 +01:00
quirks-ftdi-ids.h
Drop the deprecated lm32 target
2021-05-12 18:20:25 +02:00
quirks-pl2303-ids.h
usbredir: Add support for buffered bulk input (v2)
2013-01-08 10:56:58 +01:00
quirks.c
hw/usb/quirks: Use smaller types to reduce .rodata by 10KiB
2020-03-16 23:02:25 +01:00
quirks.h
Drop the deprecated lm32 target
2021-05-12 18:20:25 +02:00
redirect.c
chardev: mark explicitly first argument as poisoned
2021-08-05 16:15:33 +04:00
trace-events
docs: fix references to docs/devel/tracing.rst
2021-06-02 06:51:09 +02:00
trace.h
trace: switch position of headers to what Meson requires
2020-08-21 06:18:24 -04:00
tusb6010.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
u2f-emulated.c
usb: fix u2f build
2020-09-21 09:44:54 +02:00
u2f-passthru.c
u2f-passthru: put it into the 'misc' category
2021-02-20 12:36:19 +01:00
u2f.c
usb: remove '-usbdevice u2f-key'
2021-03-15 17:00:58 +01:00
u2f.h
hw/usb: Add U2F key base class
2020-08-31 08:10:47 +02:00
vt82c686-uhci-pci.c
hw/usb: Extract VT82C686 UHCI PCI function into a new unit
2021-03-15 17:00:59 +01:00
xen-usb.c
hw: Do not include hw/sysbus.h if it is not necessary
2021-05-02 17:24:50 +02:00
xlnx-usb-subsystem.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
xlnx-versal-usb2-ctrl-regs.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00