author | Sergei Lukin <sergej.lukin@gmail.com> | 2017-04-18 12:55:12 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-04-21 12:52:14 +0000 |
commit | 251f7b99aba7d81c9ef398c6f3ec41f06c2ba661 (patch) | |
tree | 980a1728084ee290a631b716d1697125994dfe48 /main/qemu/CVE-2016-9102.patch | |
parent | 6e43b8e910ddb974b60364e4a18c31ff9c22b9e8 (diff) | |
download | aports-251f7b99aba7d81c9ef398c6f3ec41f06c2ba661.tar.bz2 aports-251f7b99aba7d81c9ef398c6f3ec41f06c2ba661.tar.xz |
main/qemu: security fixes #6921
CVE-2016-7994: Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d
CVE-2016-7995: Qemu: usb: hcd-ehci: memory leak in ehci_process_itd
CVE-2016-8576: Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
CVE-2016-8577: Qemu: 9pfs: host memory leakage in v9fs_read
CVE-2016-8578: Qemu: 9pfs: potential NULL dereference in 9pfs routines
CVE-2016-8668: Qemu: net: OOB buffer access in rocker switch emulation
CVE-2016-8909: Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
CVE-2016-8910: Qemu: net: rtl8139: infinite loop while transmit in C+ mode
CVE-2016-9101: Qemu: net: eepro100 memory leakage at device unplug
CVE-2016-9102: Qemu: 9pfs: memory leakage when creating extended attribute
CVE-2016-9103: Qemu: 9pfs: information leakage via xattribute
CVE-2016-9104: Qemu: 9pfs: integer overflow leading to OOB access
CVE-2016-9105: Qemu: memory leakage in v9fs_link
CVE-2016-9106: Qemu: 9pfs: memory leakage in v9fs_write
CVE-2017-5525: Qemu: audio: memory leakage in ac97 device
CVE-2017-5552: Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing
CVE-2017-5578: Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing
CVE-2017-5579: Qemu: serial: host memory leakage in 16550A UART emulation
CVE-2017-5667: Qemu: sd: sdhci OOB access during multi block SDMA transfer
CVE-2017-5856: Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd
CVE-2017-5857: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref
CVE-2017-5898: Qemu: usb: integer overflow in emulated_apdu_from_guest
CVE-2017-5931: virtio: integer overflow in handling virtio-crypto requests
CVE-2017-2615: Qemu: display: cirrus: oob access while doing bitblt copy backward mode
CVE-2017-2620: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
CVE-2017-6505: usb: an infinite loop issue in ohci_service_ed_list
Diffstat (limited to 'main/qemu/CVE-2016-9102.patch')
-rwxr-xr-x | main/qemu/CVE-2016-9102.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/main/qemu/CVE-2016-9102.patch b/main/qemu/CVE-2016-9102.patch new file mode 100755 index 0000000000..b6cfa02efe --- /dev/null +++ b/main/qemu/CVE-2016-9102.patch @@ -0,0 +1,34 @@ +From ff55e94d23ae94c8628b0115320157c763eb3e06 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Mon, 17 Oct 2016 14:13:58 +0200 +Subject: [PATCH] 9pfs: fix memory leak in v9fs_xattrcreate + +The 'fs.xattr.value' field in V9fsFidState object doesn't consider the +situation that this field has been allocated previously. Every time, it +will be allocated directly. This leads to a host memory leak issue if +the client sends another Txattrcreate message with the same fid number +before the fid from the previous time got clunked. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Reviewed-by: Greg Kurz <groug@kaod.org> +[groug, updated the changelog to indicate how the leak can occur] +Signed-off-by: Greg Kurz <groug@kaod.org> +--- + hw/9pfs/9p.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index bf23b01..66135cf 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -3282,6 +3282,7 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque) + xattr_fidp->fs.xattr.flags = flags; + v9fs_string_init(&xattr_fidp->fs.xattr.name); + v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); ++ g_free(xattr_fidp->fs.xattr.value); + xattr_fidp->fs.xattr.value = g_malloc0(size); + err = offset; + put_fid(pdu, file_fidp); +-- +1.8.3.1 + |
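Review bot: In v9fs_xattrcreate, the two context lines directly above the added g_free() look exposed to the same reuse case for the name field: `v9fs_string_init(&xattr_fidp->fs.xattr.name);` runs before `v9fs_string_copy(...)`, so if the init call resets the string without releasing its buffer, a second Txattrcreate on the same fid drops the previous name the same way the previous value used to be dropped. Consider releasing the old name in the same change, or rejecting Txattrcreate on a fid that already carries xattr state. The added `g_free(xattr_fidp->fs.xattr.value);` is only safe when that field is NULL or a live heap pointer on every path that reaches this line; if the fs member is shared with other fid types, confirm the fid type or zero-initialisation before freeing. Separately, the aports file is added with mode 100755, and a patch file does not need the executable bit.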