falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
qemu-irix/hw
History
Prasad J Pandit fca5f37fe9 multiboot: validate multiboot header address values 
While loading kernel via multiboot-v1 image, (flags & 0x00010000)
indicates that multiboot header contains valid addresses to load
the kernel image. These addresses are used to compute kernel
size and kernel text offset in the OS image. Validate these
address values to avoid an OOB access issue.

This is CVE-2017-14167.

Reported-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170907063256.7418-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit ed4f86e8b6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 		2017-09-22 18:11:49 -05:00
..
9pfs 9pfs: local: fix fchmodat_nofollow() limitations 2017-08-10 14:36:11 +02:00
acpi docs: fix broken paths to docs/devel/tracing.txt 2017-07-31 13:12:53 +03:00
adc
alpha docs: fix broken paths to docs/devel/tracing.txt 2017-07-31 13:12:53 +03:00
arm mps2-an511: Fix wiring of UART overflow interrupt lines 2017-09-17 15:02:04 -05:00
audio trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
block virtio-blk: handle blk_getlength() errors 2017-08-10 14:33:43 +01:00
bt bt: stop the sdp memory allocation craziness 2017-08-01 17:27:33 +02:00
char trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
core loader: check get_image_size() return value 2017-07-31 13:06:38 +03:00
cpu cpu: don't allow negative core id 2017-08-02 18:30:13 -03:00
cris hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
display vga: stop passing pointers to vga_draw_line* functions 2017-09-22 18:11:23 -05:00
dma trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
gpio qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable 2017-05-17 10:37:00 -03:00
i2c migration/next for 20170601 2017-06-02 14:07:53 +01:00
i386 multiboot: validate multiboot header address values 2017-09-22 18:11:49 -05:00
ide IDE: Do not flush empty CDROM drives 2017-08-10 14:33:43 +01:00
input trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
intc arm_gicv3_kvm: Fix compile warning 2017-09-14 19:24:05 -05:00
ipack
ipmi qom: enforce readonly nature of link's check callback 2017-07-14 12:04:42 +02:00
isa trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
lm32 char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
m68k hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
mem hw/ppc/spapr: Fix segfault when instantiating a 'pc-dimm' without 'memdev' 2017-08-22 21:26:46 +10:00
microblaze hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
mips mips: Add KVM T&E segment support for TCG 2017-08-02 22:18:06 +01:00
misc mmio-interface: Mark as not user creatable 2017-08-15 17:42:02 +01:00
moxie hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
net trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
nios2 hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
nvram trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
openrisc hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
pci trace-events: fix code style: %# -> 0x% 2017-08-01 12:13:07 +01:00
pci-bridge pci: Convert shpc_init() to Error 2017-07-03 22:29:49 +03:00
pci-host memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate() 2017-07-14 17:59:42 +01:00
pcmcia
ppc hw/ppc/spapr_iommu: Fix crash when removing the "spapr-tce-table" device 2017-08-22 21:26:46 +10:00
s390x trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
scsi scsi-bus: correct responses for INQUIRY and REQUEST SENSE 2017-09-19 17:44:14 -05:00
sd trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
sh4 hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
smbios stubs: move smbios stubs to hw/smbios 2017-01-16 17:52:35 +01:00
sparc docs: fix broken paths to docs/devel/tracing.txt 2017-07-31 13:12:53 +03:00
sparc64 memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate() 2017-07-14 17:59:42 +01:00
ssi xlnx-qspi: add a property for mmio-execution 2017-08-14 14:17:18 +01:00
timer mc146818rtc: implement UIP latching as intended 2017-08-01 17:27:34 +02:00
tpm
tricore hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
unicore32 fix qemu-system-unicore32 crashing when calling without -kernel 2017-07-31 13:05:49 +03:00
usb trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
vfio trace-events: fix code style: print 0x before hex numbers 2017-08-01 12:13:07 +01:00
virtio vhost: Release memory references on cleanup 2017-09-14 19:31:09 -05:00
watchdog shutdown: Add source information to SHUTDOWN and RESET 2017-05-23 13:28:17 +02:00
xen trace-events: fix code style: %# -> 0x% 2017-08-01 12:13:07 +01:00
xenpv xenfb: remove xen_init_display "temporary" hack 2017-07-07 11:10:03 -07:00
xtensa hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
Makefile.objs acpi: filter based on CONFIG_ACPI_X86 rather than TARGET 2017-01-16 17:52:35 +01:00