mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-01 00:59:48 +00:00
Code Issues Projects Releases Wiki Activity

qemu: Security fix for CVE-2019-12155

Browse Source 
Source: qemu.org
MR: 98382
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3
Description:

Fixes CVE-2019-12155
Affects: <= 4.0.0
(From OE-Core rev: 6045c57895cad301c5e3a94de740427343a08065)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
2019-06-06 17:19:30 -07:00
committed by Richard Purdie
parent a43499cf8e
commit 8e6d657a9c
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch
+38
View File
@@ -0,0 +1,38 @@
From d52680fc932efb8a2f334cc6993e705ed1e31e99 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 25 Apr 2019 12:05:34 +0530
Subject: [PATCH] qxl: check release info object
When releasing spice resources in release_resource() routine,
if release info object 'ext.info' is null, it leads to null
pointer dereference. Add check to avoid it.
Reported-by: Bugs SysSec <bugs-syssec@rub.de>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20190425063534.32747-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Upstream-Status: Backport
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
CVE: CVE-2019-12155
Affects: <= 4.0.0
Signed-off-by: Armin Kuster <akuster@mvistra.com>
---
hw/display/qxl.c | 3 +++
1 file changed, 3 insertions(+)
Index: qemu-3.0.0/hw/display/qxl.c
===================================================================
--- qemu-3.0.0.orig/hw/display/qxl.c
+++ qemu-3.0.0/hw/display/qxl.c
@@ -764,6 +764,9 @@ static void interface_release_resource(Q
QXLReleaseRing *ring;
uint64_t *item, id;
+ if (!ext.info) {
+ return;
+ }
if (ext.group_id == MEMSLOT_GROUP_HOST) {
/* host group -> vga mode update request */
QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
meta/recipes-devtools/qemu/qemu_3.0.0.bb
+1
View File
@@ -31,6 +31,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2018-19364_p1.patch \ file://CVE-2018-19364_p1.patch \
file://CVE-2018-19364_p2.patch \ file://CVE-2018-19364_p2.patch \
file://CVE-2018-19489.patch \ file://CVE-2018-19489.patch \
file://CVE-2019-12155.patch \
" "
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"