diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2019-08-14 17:35:21 +0530 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2019-08-20 20:00:52 +0200 |
commit | de594e47659029316bbf9391efb79da0a1a08e08 (patch) | |
tree | 22f8f2a895bcf13ac6b57d574b48a44344bfa99b /block/qed-cluster.c | |
parent | a060297822ea6b4194bf36654e58c802448a3eea (diff) |
scsi: lsi: exit infinite loop while executing script (CVE-2019-12068)
When executing script in lsi_execute_script(), the LSI scsi adapter
emulator advances 's->dsp' index to read next opcode. This can lead
to an infinite loop if the next opcode is empty. Move the existing
loop exit after 10k iterations so that it covers no-op opcodes as
well.
Reported-by: Bugs SysSec <bugs-syssec@rub.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'block/qed-cluster.c')
0 files changed, 0 insertions, 0 deletions