From 251f7b99aba7d81c9ef398c6f3ec41f06c2ba661 Mon Sep 17 00:00:00 2001 From: Sergei Lukin Date: Tue, 18 Apr 2017 12:55:12 +0000 Subject: main/qemu: security fixes #6921 CVE-2016-7994: Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d CVE-2016-7995: Qemu: usb: hcd-ehci: memory leak in ehci_process_itd CVE-2016-8576: Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch CVE-2016-8577: Qemu: 9pfs: host memory leakage in v9fs_read CVE-2016-8578: Qemu: 9pfs: potential NULL dereferencein 9pfs routines CVE-2016-8668: Qemu: net: OOB buffer access in rocker switch emulation CVE-2016-8909: Qemu: audio: intel-hda: infinite loop in processing dma buffer stream CVE-2016-8910: Qemu: net: rtl8139: infinite loop while transmit in C+ mode CVE-2016-9101: Qemu: net: eepro100 memory leakage at device unplug CVE-2016-9102: Qemu: 9pfs: memory leakage when creating extended attribute CVE-2016-9103: Qemu: 9pfs: information leakage via xattribute CVE-2016-9104: Qemu: 9pfs: integer overflow leading to OOB access CVE-2016-9105: Qemu: memory leakage in v9fs_link CVE-2016-9106: Qemu: 9pfs: memory leakage in v9fs_write CVE-2017-5525: Qemu: audio: memory leakage in ac97 device CVE-2017-5552: Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing CVE-2017-5578: Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing CVE-2017-5579: Qemu: serial: host memory leakage in 16550A UART emulation CVE-2017-5667: Qemu: sd: sdhci OOB access during multi block SDMA transfer CVE-2017-5856: Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd CVE-2017-5857: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref CVE-2017-5898: Qemu: usb: integer overflow in emulated_apdu_from_guest CVE-2017-5931: virtio: integer overflow in handling virtio-crypto requests CVE-2017-2615: Qemu: display: cirrus: oob access while doing bitblt copy backward mode CVE-2017-2620: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo CVE-2017-6505: usb: an infinite loop issue in ohci_service_ed_list --- main/qemu/CVE-2017-5579.patch | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100755 main/qemu/CVE-2017-5579.patch (limited to 'main/qemu/CVE-2017-5579.patch') diff --git a/main/qemu/CVE-2017-5579.patch b/main/qemu/CVE-2017-5579.patch new file mode 100755 index 0000000000..120e88d72c --- /dev/null +++ b/main/qemu/CVE-2017-5579.patch @@ -0,0 +1,40 @@ +From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Wed, 4 Jan 2017 00:43:16 -0800 +Subject: [PATCH] serial: fix memory leak in serial exit + +The serial_exit_core function doesn't free some resources. +This can lead memory leak when hotplug and unplug. This +patch avoid this. + +Signed-off-by: Li Qiang +Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com> +Signed-off-by: Paolo Bonzini +--- + hw/char/serial.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/char/serial.c b/hw/char/serial.c +index ffbacd8..67b18ed 100644 +--- a/hw/char/serial.c ++++ b/hw/char/serial.c +@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp) + void serial_exit_core(SerialState *s) + { + qemu_chr_fe_deinit(&s->chr); ++ ++ timer_del(s->modem_status_poll); ++ timer_free(s->modem_status_poll); ++ ++ timer_del(s->fifo_timeout_timer); ++ timer_free(s->fifo_timeout_timer); ++ ++ fifo8_destroy(&s->recv_fifo); ++ fifo8_destroy(&s->xmit_fifo); ++ + qemu_unregister_reset(serial_reset, s); + } + +-- +1.8.3.1 + -- cgit v1.2.3