qemu: fix CVE-2023-42467 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2023-10-05 11:12:52 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-10-06 11:51:11 +0100
commit	ba7ac22f2ed783fd4b304c4e3ca0d1203475a81f (patch)
tree	8f09385fe2e669929a785ee6095ec28603224759 /scripts/lib/devtool/upgrade.py
parent	3ddddfc14f805fe7572bba129605869fb848fed4 (diff)
download	poky-ba7ac22f2ed783fd4b304c4e3ca0d1203475a81f.tar.gz

qemu: fix CVE-2023-42467

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. References: https://nvd.nist.gov/vuln/detail/CVE-2023-42467 https://gitlab.com/qemu-project/qemu/-/issues/1813 (From OE-Core rev: 7c42b976d7a72acf917bae9d055768a1350e507d) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/devtool/upgrade.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: