slackcoder/qemu - QEMU is a generic and open source machine & userspace emulator and virtualizer

diff options

author	Prasad J Pandit <pjp@fedoraproject.org>	2021-01-30 18:46:52 +0530
committer	Michael Roth <michael.roth@amd.com>	2021-12-14 17:39:20 -0600
commit	1ce084af083b6958c8287ea742a008a105bc960d (patch)
tree	03f39b530c20f7c336b0c826de740248d4028996 /hw/net/e1000.c
parent	fec12fc8882b7326e820696ef81da3f1deeca11b (diff)

net: vmxnet3: validate configuration values during activate (CVE-2021-20203)

While activating device in vmxnet3_acticate_device(), it does not validate guest supplied configuration values against predefined minimum - maximum limits. This may lead to integer overflow or OOB access issues. Add checks to avoid it. Fixes: CVE-2021-20203 Buglink: https://bugs.launchpad.net/qemu/+bug/1913873 Reported-by: Gaoning Pan <pgn@zju.edu.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com> (cherry picked from commit d05dcd94aee88728facafb993c7280547eb4d645) Signed-off-by: Michael Roth <michael.roth@amd.com>

Diffstat (limited to 'hw/net/e1000.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: