qemu/hw
Thomas Huth 6b7fa3cbab hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467]
We are doing things like

    nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);

in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if
the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes
with a division by 0 exception. Thus disallow block sizes of 256
bytes to avoid this situation.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1813
CVE: 2023-42467
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230925091854.49198-1-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 7cfcc79b0ab800959716738aff9419f53fc68c9c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-10-03 02:00:54 +03:00
9pfs
acpi
adc
alpha
arm hw/arm/boot: Set SCR_EL3.FGTEn when booting kernel 2023-10-03 02:00:54 +03:00
audio
avr
block
char hw/char/riscv_htif: Fix the console syscall on big endian hosts 2023-09-21 19:35:19 +03:00
core misc: Fix some typos in documentation and comments 2023-08-01 23:52:23 +02:00
cpu
cris
cxl hw/cxl: Fix CFMW config memory leak 2023-10-03 02:00:54 +03:00
display virtio-gpu/win32: set the destroy function on load 2023-09-21 19:35:19 +03:00
dma
gpio
hppa
hyperv
i2c hw/i2c/aspeed: Fix TXBUF transmission start position error 2023-09-21 19:35:19 +03:00
i386 hw/i386/vmmouse:add relative packet flag for button status 2023-08-07 15:50:31 +04:00
ide hw/ide/ahci: fix broken SError handling 2023-09-21 19:35:19 +03:00
input
intc hw/intc: Make rtc variable names consistent 2023-09-21 19:35:19 +03:00
ipack
ipmi
isa
loongarch
m68k
mem
microblaze
mips kvm: Introduce kvm_arch_get_default_type hook 2023-08-24 18:43:47 +03:00
misc
net hw/net/vmxnet3: Fix guest-triggerable assert() 2023-09-21 19:35:19 +03:00
nios2
nubus
nvme hw/nvme: fix null pointer access in ruh update 2023-08-09 15:32:32 +02:00
nvram
openrisc
pci pci: Fix the update of interrupt disable bit in PCI_COMMAND register 2023-08-11 12:15:24 -04:00
pci-bridge hw/pci-bridge/cxl_upstream.c: Use g_new0() in build_cdat_table() 2023-08-03 16:06:49 -04:00
pci-host hw/pci-host: Allow extended config space access for Designware PCIe host 2023-08-11 12:15:24 -04:00
pcmcia
ppc hw/ppc: Read time only once to perform decrementer write 2023-09-25 23:44:30 +03:00
rdma
remote
riscv hw/riscv: virt: Fix riscv,pmu DT node path 2023-09-21 19:35:19 +03:00
rtc
rx
s390x s390x/ap: fix missing subsystem reset registration 2023-09-21 19:35:19 +03:00
scsi hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] 2023-10-03 02:00:54 +03:00
sd
sensor
sh4
smbios
sparc
sparc64
ssi
timer
tpm
tricore
usb
vfio
virtio virtio: Drop out of coroutine context in virtio_load() 2023-09-21 19:35:19 +03:00
watchdog
xen
xenpv
xtensa
Kconfig
meson.build