uas: add stream number sanity checks. - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Gerd Hoffmann <kraxel@redhat.com>	2021-08-18 14:05:05 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2021-09-01 06:34:00 +0200
commit	13b250b12ad3c59114a6a17d59caf073ce45b33a (patch)
tree	0f79d14314c1c36f499a29e2eedaf5ff5b7626c9 /hw/usb/desc-msos.c
parent	ad22d0583300df420819e6c89b1c022b998fac8a (diff)
download	focaccia-qemu-13b250b12ad3c59114a6a17d59caf073ce45b33a.tar.gz focaccia-qemu-13b250b12ad3c59114a6a17d59caf073ce45b33a.zip

uas: add stream number sanity checks.

The device uses the guest-supplied stream number unchecked, which can
lead to guest-triggered out-of-band access to the UASDevice->data3 and
UASDevice->status3 fields.  Add the missing checks.

Fixes: CVE-2021-3713
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reported-by: Chen Zhe <chenzhe@huawei.com>
Reported-by: Tan Jingguo <tanjingguo@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210818120505.1258262-2-kraxel@redhat.com>

Diffstat (limited to 'hw/usb/desc-msos.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: