hw/nvme: fix oob memory read in fdp events log - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Klaus Jensen <k.jensen@samsung.com>	2023-08-03 20:44:23 +0200
committer	Klaus Jensen <k.jensen@samsung.com>	2023-08-07 08:51:37 +0200
commit	ecb1b7b082d3b7dceff0e486a114502fc52c0fdf (patch)
tree	0e5b330cfee52ea9e4ef8877931657cbd06c4c8a /linux-user/sparc/signal.c
parent	9400601a689a128c25fa9c21e932562e0eeb7a26 (diff)
download	focaccia-qemu-ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.tar.gz focaccia-qemu-ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.zip

hw/nvme: fix oob memory read in fdp events log

As reported by Trend Micro's Zero Day Initiative, an oob memory read
vulnerability exists in nvme_fdp_events(). The host-provided offset is
not verified.

Fix this.

This is only exploitable when Flexible Data Placement mode (fdp=on) is
enabled.

Fixes: CVE-2023-4135
Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation")
Reported-by: Trend Micro's Zero Day Initiative
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>

Diffstat (limited to 'linux-user/sparc/signal.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: