qemu: fix CVE-2024-3447 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2024-12-04 05:23:35 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	450857b441c79898168691082210dbd2cd81bfc1 (patch)
tree	9a7fcb257ab64c76dec6f9dd403dca5226e28662 /scripts/lib/resulttool/manualexecution.py
parent	e0736e9b27fc54bc2c50b5e83ff0d66f4f067bd1 (diff)
download	poky-450857b441c79898168691082210dbd2cd81bfc1.tar.gz

qemu: fix CVE-2024-3447

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-3447 Upstream patch: https://gitlab.com/qemu-project/qemu/-/commit/2429cb7a9f460b544f4b07bcf02dbdedfc4dcb39 (From OE-Core rev: 01d7ac9244364b7f89cd2f99fff11c2417bcad03) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/resulttool/manualexecution.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: