CVE-2021-3608: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608)
A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
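The description above covers the bug class behind this CVE: a table of page pointers is allocated without being zero-filled, the mapping loop fails partway through, and the cleanup walks the whole table and hands stale entries to the unmap routine. The following C program is an added illustration, not QEMU's code: `Ring`, `ring_init`, `ring_free` and the `fake_dma_map`/`fake_dma_unmap` stand-ins are hypothetical, and the guest page table is constructed inline. The `zeroed` flag selects the vulnerable pattern (stale array contents, simulated with a constant fill so the run is deterministic) or the fixed pattern (array zeroed before the loop, cleanup skips NULL).

```c
/* Added example (not QEMU code): models the pvrdma ring-init error flow.
 * A ring keeps an array of mapped page pointers; mapping page i may fail,
 * and the cleanup then walks the array to unmap whatever was mapped. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAGES 8

/* Stand-in for the DMA mapping layer (hypothetical): page i of the guest
 * table maps to a host buffer unless the table entry is 0. */
static char host_pages[MAX_PAGES][64];
static int bogus_unmaps;  /* unmap called with a pointer never handed out */
static int good_unmaps;   /* unmap called with a pointer we really mapped */

static void *fake_dma_map(const uint64_t *tbl, int i)
{
    if (tbl[i] == 0) {
        return NULL;      /* simulated mapping failure */
    }
    return host_pages[i];
}

static void fake_dma_unmap(void *p)
{
    for (int i = 0; i < MAX_PAGES; i++) {
        if (p == host_pages[i]) {
            good_unmaps++;
            return;
        }
    }
    bogus_unmaps++;       /* real code would unmap/dereference garbage here */
}

typedef struct {
    int npages;
    void **pages;
} Ring;

static void ring_free(Ring *ring)
{
    for (int i = 0; i < ring->npages; i++) {
        if (ring->pages[i]) {          /* NULL means "never mapped" */
            fake_dma_unmap(ring->pages[i]);
        }
    }
    free(ring->pages);
    ring->pages = NULL;
}

/* zeroed == 0: vulnerable pattern, array contents left stale (simulated
 *              with a constant fill so the run is deterministic).
 * zeroed == 1: fixed pattern, array zero-filled before the loop. */
static int ring_init(Ring *ring, const uint64_t *tbl, int npages, int zeroed)
{
    ring->npages = npages;
    ring->pages = malloc((size_t)npages * sizeof(void *));
    if (!ring->pages) {
        return -1;
    }
    memset(ring->pages, zeroed ? 0 : 0xAB, (size_t)npages * sizeof(void *));

    for (int i = 0; i < npages; i++) {
        ring->pages[i] = fake_dma_map(tbl, i);
        if (!ring->pages[i]) {
            /* Error flow: entries past i were never written. Only the
             * zeroed variant guarantees they are NULL at this point. */
            ring_free(ring);
            return -1;
        }
    }
    return 0;
}

/* One init with a constructed 5-entry table whose third page cannot be
 * mapped; fills the two counters for the caller. */
void run_ring_init(int zeroed, int *good, int *bogus)
{
    const uint64_t tbl[5] = { 0x1000, 0x2000, 0, 0x4000, 0x5000 }; /* constructed */
    Ring ring;
    bogus_unmaps = good_unmaps = 0;
    (void)ring_init(&ring, tbl, 5, zeroed);
    *good = good_unmaps;
    *bogus = bogus_unmaps;
}

int main(void)
{
    int good, bogus;
    run_ring_init(0, &good, &bogus);
    printf("stale array : %d valid unmaps, %d bogus unmaps\n", good, bogus);
    run_ring_init(1, &good, &bogus);
    printf("zeroed array: %d valid unmaps, %d bogus unmaps\n", good, bogus);
    return 0;
}
```

With the stale array the cleanup unmaps the two pages that were mapped and then passes two garbage pointers (entries 3 and 4) to the unmap routine; with the zeroed array it unmaps exactly the two mapped pages and skips the rest. The fix in the patch below is the same idea: zero-filling makes "unwritten" and "not mapped" the same value, so the cleanup's NULL check covers the partially initialised case.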
From: Marcel Apfelbaum
Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608)
Date: Wed, 30 Jun 2021 14:52:46 +0300
Do not unmap uninitialized dma addresses.
Fixes: CVE-2021-3608
Reviewed-by: VictorV (Kunlun Lab) [email protected]
Tested-by: VictorV (Kunlun Lab) [email protected]
Signed-off-by: Marcel Apfelbaum [email protected]

 hw/rdma/vmw/pvrdma_dev_ring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c index 074ac59b84…42130667a7 100644 — a/hw/rdma/vmw/pvrdma_dev_ring.c +++ b/hw/rdma/vmw/pvrdma_dev_ring.c @@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, const char *name, PCIDevice *dev, qatomic_set(&ring->ring_state->cons_head, 0); */ ring->npages = npages;
- ring->pages = g_malloc(npages * sizeof(void *));
ring->pages = g_malloc0(npages * sizeof(void *));
for (i = 0; i < npages; i++) { if (!tbl[i]) { – 2.31.1
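Review bot: The commit message should state why zero-filling is sufficient, because the hunk only shows half of the fix: switching `ring->pages = g_malloc(...)` to `ring->pages = g_malloc0(...)` makes every entry NULL until the mapping loop writes it, so when `if (!tbl[i])` triggers the error path, the cleanup that walks `ring->pages` must treat NULL as "never mapped" and skip it. That cleanup routine is not in the hunk, so a sentence confirming it skips NULL entries (or that it was audited to) would let a reviewer verify the fix from the patch alone. As a style point, `g_new0(void *, npages)` is the idiomatic GLib spelling of this allocation and replaces the open-coded `npages * sizeof(void *)` multiplication with GLib's overflow-checked variant.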
[PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608), Marcel Apfelbaum <=
- Re: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608), Yuval Shaia, 2021/06/30
- Re: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608), Philippe Mathieu-Daudé, 2021/06/30
Related news
Gentoo Linux Security Advisory 202208-27 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 7.0.0 are affected.
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.