[Qemu-devel] [PATCH 0/2] Qemu: scsi: esp: check command buffer input len

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 0/2] Qemu: scsi: esp: check command buffer input len

From:	P J P
Subject:	[Qemu-devel] [PATCH 0/2] Qemu: scsi: esp: check command buffer input length
Date:	Thu, 19 May 2016 16:09:29 +0530

From: Prasad J Pandit <address@hidden>

Hello,

The ESP 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
FIFO buffer. It is used to handle command and data transfer between
controller and the bus. Couple of OOB write access issues were found
and reported in its emulation by Mr Li Qiang of 360.cn Inc.

Please see below are the proposed patches to fix these issues.

Thank you.
--
Prasad J Pandit (2):
  scsi: check command buffer length before write(CVE-2016-4439)
  scsi: check dma length before reading scsi command(CVE-2016-4441)

 hw/scsi/esp.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

--
2.5.5

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/2] Qemu: scsi: esp: check command buffer input length, P J P <=
- [Qemu-devel] [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439), P J P, 2016/05/19
- [Qemu-devel] [PATCH 2/2] scsi: check dma length before reading scsi command(CVE-2016-4441), P J P, 2016/05/19
- Re: [Qemu-devel] [PATCH 0/2] Qemu: scsi: esp: check command buffer input length, Paolo Bonzini, 2016/05/19

Prev by Date: Re: [Qemu-devel] [PATCH 41/50] s390x: move stuff out of cpu.h
Next by Date: [Qemu-devel] [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)
Previous by thread: [Qemu-devel] [PATCH 0/6] virtio-gpu: scanout limit fixes
Next by thread: [Qemu-devel] [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)
Index(es):
- Date
- Thread