diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch new file mode 100644 index 0000000000..c534f4c24f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch @@ -0,0 +1,39 @@ +vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) + +If the guest trigger following sequences, the attach_backing will be leaked: + +vg_resource_create_2d +vg_resource_attach_backing +vg_resource_unref + +This patch fix this by freeing 'res->iov' in vg_resource_destroy. + +Fixes: CVE-2021-3544 +Reported-by: default avatarLi Qiang <liq3ea@163.com> +virtio-gpu fix: 5e8e3c4c + +("virtio-gpu: fix resource leak +in virgl_cmd_resource_unref") +Reviewed-by: default avatarPrasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: default avatarLi Qiang <liq3ea@163.com> +Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210516030403.107723-5-liq3ea@163.com> +Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2021-3544 +[vhost-user-gpu does not exist in the 4.2.0] +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/main.c +@@ -379,6 +379,7 @@ vg_resource_destroy(VuGpu *g, + } + + vugbm_buffer_destroy(&res->buffer); ++ g_free(res->iov); + pixman_image_unref(res->image); + QTAILQ_REMOVE(&g->reslist, res, next); + g_free(res); |