motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-04 08:13:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions
qemu/hw/nvme
History
Klaus Jensen ecb1b7b082 hw/nvme: fix oob memory read in fdp events log 
As reported by Trend Micro's Zero Day Initiative, an oob memory read
vulnerability exists in nvme_fdp_events(). The host-provided offset is
not verified.

Fix this.

This is only exploitable when Flexible Data Placement mode (fdp=on) is
enabled.

Fixes: CVE-2023-4135
Fixes: 73064edfb8 ("hw/nvme: flexible data placement emulation")
Reported-by: Trend Micro's Zero Day Initiative
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2023-08-07 08:51:37 +02:00
..
ctrl.c hw/nvme: fix oob memory read in fdp events log 2023-08-07 08:51:37 +02:00
dif.c hw/nvme: add new command abort case 2022-06-03 21:48:24 +02:00
dif.h hw/nvme: 64-bit pi support 2022-03-03 09:30:21 +01:00
Kconfig hw/nvme: move nvme emulation out of hw/block 2021-05-17 09:19:00 +02:00
meson.build meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
ns.c hw/nvme: add placement handle list ranges 2023-06-28 11:22:46 +02:00
nvme.h hw/nvme: flexible data placement emulation 2023-03-06 15:28:02 +01:00
subsys.c hw/nvme: fix verification of number of ruhis 2023-06-28 11:22:17 +02:00
trace-events nvme: remove constant argument to tracepoint 2023-04-20 11:17:35 +02:00
trace.h hw/nvme: move nvme emulation out of hw/block 2021-05-17 09:19:00 +02:00