qemu: fix CVE-2024-3446 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2024-12-04 05:23:34 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	e0736e9b27fc54bc2c50b5e83ff0d66f4f067bd1 (patch)
tree	b5d1f485ad12b7ea07a7d3ea6ea897c682c80ff4 /scripts/lib/argparse_oe.py
parent	47b90adf882fac910e85d3ed6383aec2e3d131b3 (diff)
download	poky-e0736e9b27fc54bc2c50b5e83ff0d66f4f067bd1.tar.gz

qemu: fix CVE-2024-3446

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a d enial of service or allow arbitrary code execution within the context of the QEMU process on the host. CVE-2024-3446-0004, CVE-2024-3446-0005, CVE-2024-3446-0006 are CVE fix and CVE-2024-3446-0001, CVE-2024-3446-0002, CVE-2024-3446-0003 are dependent commits to fix the CVE. References: https://nvd.nist.gov/vuln/detail/CVE-2024-3446 Upstream patches: https://gitlab.com/qemu-project/qemu/-/commit/9c86c97f12c060bf7484dd931f38634e166a81f0 https://gitlab.com/qemu-project/qemu/-/commit/f63192b0544af5d3e4d5edfd85ab520fcf671377 https://gitlab.com/qemu-project/qemu/-/commit/ec0504b989ca61e03636384d3602b7bf07ffe4da https://gitlab.com/qemu-project/qemu/-/commit/ba28e0ff4d95b56dc334aac2730ab3651ffc3132 https://gitlab.com/qemu-project/qemu/-/commit/b4295bff25f7b50de1d9cc94a9c6effd40056bca https://gitlab.com/qemu-project/qemu/-/commit/f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc (From OE-Core rev: db7e3a56656db0bc61ec2e35ccc149e9b90a389b) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/argparse_oe.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: