6b7fa3cbab
We are doing things like nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes with a division by 0 exception. Thus disallow block sizes of 256 bytes to avoid this situation. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1813 CVE: 2023-42467 Signed-off-by: Thomas Huth <thuth@redhat.com> Message-ID: <20230925091854.49198-1-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 7cfcc79b0ab800959716738aff9419f53fc68c9c) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> |
||
---|---|---|
.. | ||
9pfs | ||
acpi | ||
adc | ||
alpha | ||
arm | ||
audio | ||
avr | ||
block | ||
char | ||
core | ||
cpu | ||
cris | ||
cxl | ||
display | ||
dma | ||
gpio | ||
hppa | ||
hyperv | ||
i2c | ||
i386 | ||
ide | ||
input | ||
intc | ||
ipack | ||
ipmi | ||
isa | ||
loongarch | ||
m68k | ||
mem | ||
microblaze | ||
mips | ||
misc | ||
net | ||
nios2 | ||
nubus | ||
nvme | ||
nvram | ||
openrisc | ||
pci | ||
pci-bridge | ||
pci-host | ||
pcmcia | ||
ppc | ||
rdma | ||
remote | ||
riscv | ||
rtc | ||
rx | ||
s390x | ||
scsi | ||
sd | ||
sensor | ||
sh4 | ||
smbios | ||
sparc | ||
sparc64 | ||
ssi | ||
timer | ||
tpm | ||
tricore | ||
usb | ||
vfio | ||
virtio | ||
watchdog | ||
xen | ||
xenpv | ||
xtensa | ||
Kconfig | ||
meson.build |