diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch new file mode 100644 index 0000000000..fcdda64437 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch @@ -0,0 +1,41 @@ +From 121841b25d72d13f8cad554363138c360f1250ea Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@163.com> +Date: Sat, 15 May 2021 20:03:56 -0700 +Subject: [PATCH] vhost-user-gpu: fix memory disclosure in + virgl_cmd_get_capset_info (CVE-2021-3545) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Otherwise some of the 'resp' will be leaked to guest. + +Fixes: CVE-2021-3545 +Reported-by: Li Qiang <liq3ea@163.com> +virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak +in getting capset info dispatch") + +Signed-off-by: Li Qiang <liq3ea@163.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210516030403.107723-2-liq3ea@163.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2021-3545 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + contrib/vhost-user-gpu/virgl.c | 1 + + 1 file changed, 1 insertion(+) + +Index: qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/virgl.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +@@ -132,6 +132,7 @@ virgl_cmd_get_capset_info(VuGpu *g, + + VUGPU_FILL_CMD(info); + ++ memset(&resp, 0, sizeof(resp)); + if (info.capset_index == 0) { + resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL; + virgl_renderer_get_cap_set(resp.capset_id, |