mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 17:39:31 +00:00
Code Issues Projects Releases Wiki Activity
Files
e0736e9b27fc54bc2c50b5e83ff0d66f4f067bd1
poky/meta/recipes-devtools
T
History
Divya Chellam e0736e9b27 qemu: fix CVE-2024-3446 
A double free vulnerability was found in QEMU virtio devices
(virtio-gpu, virtio-serial-bus, virtio-crypto), where the
mem_reentrancy_guard flag insufficiently protects against DMA
reentrancy issues. This issue could allow a malicious privileged
guest to crash the QEMU process on the host, resulting in a d
enial of service or allow arbitrary code execution within the
context of the QEMU process on the host.

CVE-2024-3446-0004, CVE-2024-3446-0005, CVE-2024-3446-0006
are CVE fix and CVE-2024-3446-0001, CVE-2024-3446-0002,
CVE-2024-3446-0003 are dependent commits to fix the CVE.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-3446

Upstream patches:
https://gitlab.com/qemu-project/qemu/-/commit/9c86c97f12c060bf7484dd931f38634e166a81f0
https://gitlab.com/qemu-project/qemu/-/commit/f63192b0544af5d3e4d5edfd85ab520fcf671377
https://gitlab.com/qemu-project/qemu/-/commit/ec0504b989ca61e03636384d3602b7bf07ffe4da
https://gitlab.com/qemu-project/qemu/-/commit/ba28e0ff4d95b56dc334aac2730ab3651ffc3132
https://gitlab.com/qemu-project/qemu/-/commit/b4295bff25f7b50de1d9cc94a9c6effd40056bca
https://gitlab.com/qemu-project/qemu/-/commit/f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc

(From OE-Core rev: db7e3a56656db0bc61ec2e35ccc149e9b90a389b)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-09 07:54:03 -08:00
..
apt
apt: add missing <cstdint> for uint16_t
2023-10-18 05:13:24 -10:00
autoconf
autoconf: Update K & R stype functions
2022-09-16 17:53:22 +01:00
autoconf-archive
automake
automake: fix buildtest patch
2023-08-26 04:24:02 -10:00
binutils
bintuils: stable 2.38 branch update
2024-10-07 05:43:22 -07:00
bison
bootchart2
bootchart2: Fix usrmerge support
2023-02-15 21:46:56 +00:00
btrfs-tools
cargo
rust-common: Drop LLVM_TARGET and simplify
2022-06-07 11:53:26 +01:00
ccache
ccache: fix build with gcc-13
2023-10-05 15:48:49 -10:00
cdrtools
cdrtools-native: fix build with gcc-14
2024-10-12 05:17:58 -07:00
chrpath
cmake
cmake: Fix sporadic issues when determining compiler internals
2024-11-15 06:05:32 -08:00
createrepo-c
dejagnu
dejagnu: Fix LICENSE
2024-09-16 06:09:56 -07:00
desktop-file-utils
devel-config
diffstat
distcc
dmidecode
dmidecode: fixup for CVE-2023-30630
2023-08-19 05:56:58 -10:00
dnf
docbook-xml
dosfstools
dpkg
dpkg: fix CVE-2022-1664
2022-08-01 16:27:29 +01:00
dwarfsrcfiles
e2fsprogs
e2fsprogs: fix ptest bug for second running
2023-06-21 04:00:58 -10:00
elfutils
elfutils: Disable stringop-overflow warning for build host
2024-01-04 05:00:13 -10:00
erofs-utils
expect
fdisk
file
file: fix CVE-2022-48554
2023-09-08 16:09:41 -10:00
flex
gcc
gcc: restore a patch for Neoverse N2 core
2024-11-11 06:19:18 -08:00
gdb
gdb: Fix CVE-2023-39130
2024-02-09 03:46:50 -10:00
git
git: Fix multiple CVEs
2024-06-01 19:07:52 -07:00
glide
gnu-config
go
go: fix CVE-2024-24791
2024-08-16 08:09:14 -07:00
help2man
i2c-tools
icecc-create-env
icecc-toolchain
intltool
jquery
json-c
json-c: define CVE_VERSION
2023-10-05 15:48:49 -10:00
libcomps
libdnf
libdnf: resolve cstdint inclusion for newer gcc versions
2023-09-08 16:09:42 -10:00
libedit
libedit: Make docs generation deterministic
2024-09-16 06:09:56 -07:00
libmodulemd
librepo
librepo: upgrade 1.14.2 -> 1.14.3
2022-05-25 22:45:50 +01:00
libtool
llvm
llvm: reduce size of -dbg package
2024-11-27 06:27:26 -08:00
log4cplus
log4cplus: upgrade 2.0.7 -> 2.0.8
2022-08-04 16:29:15 +01:00
lua
lua: Fix install conflict when enable multilib.
2023-03-20 17:20:44 +00:00
m4
make
makedevs
makedevs: Don't use COPYING.patch just to add license file into ${S}
2022-06-11 10:06:13 +01:00
meson
meson: Fix wrapper handling of implicit setup command
2023-03-20 17:20:44 +00:00
mmc
mmc-utils: upgrade to latest revision
2022-05-25 22:45:50 +01:00
mtd
mtd-utils: upgrade 2.1.4 -> 2.1.5
2022-12-01 19:35:05 +00:00
mtools
nasm
nasm: fix CVE-2020-21528
2023-09-08 16:09:41 -10:00
ninja
ninja: fix build with python 3.13
2024-12-02 06:23:20 -08:00
opkg
opkg: Set correct info_dir and status_file in opkg.conf
2022-12-13 15:23:34 +00:00
opkg-utils
opkg-utils: use a git clone, not a dynamic snapshot
2022-11-09 17:42:08 +00:00
orc
orc: upgrade 0.4.39 -> 0.4.40
2024-11-02 06:32:36 -07:00
patch
patchelf
patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak
2023-04-11 11:31:52 +01:00
perl
perl: ignore CVE-2023-47100
2024-04-19 04:50:38 -07:00
perl-cross
perl: update 5.34.1 -> 5.34.3
2023-12-22 16:36:55 -10:00
pkgconf
pkgconf: fix CVE-2023-24056
2023-03-23 22:45:33 +00:00
pkgconfig
pseudo
pseudo: Fix envp bug and add posix_spawn wrapper
2024-11-15 06:05:32 -08:00
python
python3-zipp: fix CVE-2024-5569
2024-12-09 07:54:03 -08:00
qemu
qemu: fix CVE-2024-3446
2024-12-09 07:54:03 -08:00
quilt
quilt: Fix merge.test race condition
2023-05-30 04:11:15 -10:00
repo
rpm
rpm: Remove -Wimplicit-function-declaration warnings
2022-10-11 21:56:13 +01:00
rsync
rsync: Turn on -pedantic-errors at the end of 'configure'
2023-04-11 11:31:52 +01:00
ruby
ruby: Make docs generation deterministic
2024-09-16 06:09:56 -07:00
run-postinsts
run-postinsts: Set dependency for ldconfig to avoid boot issues
2023-05-10 04:19:57 -10:00
rust
rust: ignore CVE-2024-43402
2024-10-12 05:17:57 -07:00
squashfs-tools
strace
strace: Update patches/tests with upstream fixes
2023-07-12 05:11:38 -10:00
subversion
subversion: upgrade to 1.14.2
2022-05-04 13:07:33 +01:00
swig
syslinux
syslinux: Disable error on implicit-function-declaration
2024-10-24 06:31:58 -07:00
systemd-bootchart
tcf-agent
tcltk
tcl: skip async and event tests in run-ptest
2024-04-19 04:50:39 -07:00
unfs3
unifdef
vala
vala: add -Wno-error=incompatible-pointer-types work around
2024-11-02 06:32:36 -07:00
valgrind
valgrind: disable avx_estimate_insn.vgtest
2024-10-12 05:17:58 -07:00
xmlto
xmlto: backport a patch to fix build with gcc-14 on host
2024-11-11 06:19:18 -08:00