diff options
| author | Sergei Lukin <sergej.lukin@gmail.com> | 2017-04-18 12:55:12 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-04-21 12:52:14 +0000 |
| commit | 251f7b99aba7d81c9ef398c6f3ec41f06c2ba661 (patch) | |
| tree | 980a1728084ee290a631b716d1697125994dfe48 /main/qemu/CVE-2017-5579.patch | |
| parent | 6e43b8e910ddb974b60364e4a18c31ff9c22b9e8 (diff) | |
| download | aports-251f7b99aba7d81c9ef398c6f3ec41f06c2ba661.tar.bz2 aports-251f7b99aba7d81c9ef398c6f3ec41f06c2ba661.tar.xz | |
main/qemu: security fixes #6921
CVE-2016-7994: Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d
CVE-2016-7995: Qemu: usb: hcd-ehci: memory leak in ehci_process_itd
CVE-2016-8576: Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
CVE-2016-8577: Qemu: 9pfs: host memory leakage in v9fs_read
CVE-2016-8578: Qemu: 9pfs: potential NULL dereferencein 9pfs routines
CVE-2016-8668: Qemu: net: OOB buffer access in rocker switch emulation
CVE-2016-8909: Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
CVE-2016-8910: Qemu: net: rtl8139: infinite loop while transmit in C+ mode
CVE-2016-9101: Qemu: net: eepro100 memory leakage at device unplug
CVE-2016-9102: Qemu: 9pfs: memory leakage when creating extended attribute
CVE-2016-9103: Qemu: 9pfs: information leakage via xattribute
CVE-2016-9104: Qemu: 9pfs: integer overflow leading to OOB access
CVE-2016-9105: Qemu: memory leakage in v9fs_link
CVE-2016-9106: Qemu: 9pfs: memory leakage in v9fs_write
CVE-2017-5525: Qemu: audio: memory leakage in ac97 device
CVE-2017-5552: Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing
CVE-2017-5578: Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing
CVE-2017-5579: Qemu: serial: host memory leakage in 16550A UART emulation
CVE-2017-5667: Qemu: sd: sdhci OOB access during multi block SDMA transfer
CVE-2017-5856: Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd
CVE-2017-5857: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref
CVE-2017-5898: Qemu: usb: integer overflow in emulated_apdu_from_guest
CVE-2017-5931: virtio: integer overflow in handling virtio-crypto requests
CVE-2017-2615: Qemu: display: cirrus: oob access while doing bitblt copy backward mode
CVE-2017-2620: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
CVE-2017-6505: usb: an infinite loop issue in ohci_service_ed_list
Diffstat (limited to 'main/qemu/CVE-2017-5579.patch')
| -rwxr-xr-x | main/qemu/CVE-2017-5579.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/main/qemu/CVE-2017-5579.patch b/main/qemu/CVE-2017-5579.patch new file mode 100755 index 0000000000..120e88d72c --- /dev/null +++ b/main/qemu/CVE-2017-5579.patch @@ -0,0 +1,40 @@ +From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 4 Jan 2017 00:43:16 -0800 +Subject: [PATCH] serial: fix memory leak in serial exit + +The serial_exit_core function doesn't free some resources. +This can lead memory leak when hotplug and unplug. This +patch avoid this. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/char/serial.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/char/serial.c b/hw/char/serial.c +index ffbacd8..67b18ed 100644 +--- a/hw/char/serial.c ++++ b/hw/char/serial.c +@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp) + void serial_exit_core(SerialState *s) + { + qemu_chr_fe_deinit(&s->chr); ++ ++ timer_del(s->modem_status_poll); ++ timer_free(s->modem_status_poll); ++ ++ timer_del(s->fifo_timeout_timer); ++ timer_free(s->fifo_timeout_timer); ++ ++ fifo8_destroy(&s->recv_fifo); ++ fifo8_destroy(&s->xmit_fifo); ++ + qemu_unregister_reset(serial_reset, s); + } + +-- +1.8.3.1 + |