CVE-2019-12067: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

From:

P J P

Subject:

[Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067)

Date:

Thu, 8 Aug 2019 12:26:36 +0530

From: Prasad J Pandit address@hidden

AHCI emulator while committing DMA buffer in ahci_commit_buf() may do a NULL dereference if the command header ‘ad->cur_cmd’ is null. Add check to avoid it.

Reported-by: Bugs SysSec address@hidden Signed-off-by: Prasad J Pandit address@hidden

---

hw/ide/ahci.c | 6 +++±- 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index 00ba422a48…9fff94075b 100644 — a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -1458,8 +1458,10 @@ static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes) { AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);

• tx_bytes += le32_to_cpu(ad->cur_cmd->status);
• ad->cur_cmd->status = cpu_to_le32(tx_bytes);

• if (ad->cur_cmd) {

•    tx\_bytes += le32\_to\_cpu(ad->cur\_cmd->status);
  

•    ad->cur\_cmd->status = cpu\_to\_le32(tx\_bytes);
  

• } }

static int ahci_dma_rw_buf(IDEDMA *dma, int is_write)

2.21.0

• [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067), P J P <=

  • Re: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067), Philippe Mathieu-Daudé, 2019/08/08
    • Re: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067), John Snow, 2019/08/08

• Prev by Date: Re: [Qemu-devel] [PATCH v2] hw: net: cadence_gem: Fix build errors in DB_PRINT()

• Next by Date: Re: [Qemu-devel] [PATCH v2] hw: net: cadence_gem: Fix build errors in DB_PRINT()

• Previous by thread: [Qemu-devel] [PATCH] scsi: lsi: exit infinite loop while executing script (CVE-2019-12068)

• Next by thread: Re: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067)

• Index(es):

  • Date
  • Thread