Headline
CVE-2019-12067: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header ‘ad->cur_cmd’ is null.
From: P J P
Subject: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067)
Date: Thu, 8 Aug 2019 12:26:36 +0530
From: Prasad J Pandit address@hidden
AHCI emulator while committing DMA buffer in ahci_commit_buf() may do a NULL dereference if the command header ‘ad->cur_cmd’ is null. Add check to avoid it.
Reported-by: Bugs SysSec address@hidden
Signed-off-by: Prasad J Pandit address@hidden
hw/ide/ahci.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index 00ba422a48…9fff94075b 100644 — a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -1458,8 +1458,10 @@ static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes) { AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
- tx_bytes += le32_to_cpu(ad->cur_cmd->status);
- ad->cur_cmd->status = cpu_to_le32(tx_bytes);
- if (ad->cur_cmd) {
tx\_bytes += le32\_to\_cpu(ad->cur\_cmd->status);
ad->cur\_cmd->status = cpu\_to\_le32(tx\_bytes);
- } }
static int ahci_dma_rw_buf(IDEDMA *dma, int is_write)
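Review bot: the new `if (ad->cur_cmd)` guard in ahci_commit_buf() skips the status update silently, and nothing in the hunk or the commit message says how a DMA commit is reached with no current command header. A short comment above the check naming that state would help, as would a sentence in the commit message on the path that leads there, so that reviewers can judge whether dropping the `tx_bytes` accounting is the right outcome or whether the transfer should have been stopped earlier. If the NULL case is not expected in normal operation, consider tracing or logging it instead of returning quietly.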
2.21.0
[Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067), P J P <=
- Re: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067), Philippe Mathieu-Daudé, 2019/08/08
- Re: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067), John Snow, 2019/08/08
- Re: [Qemu-devel] [PATCH] ide: ahci: add check to avoid null dereference (CVE-2019-12067), Philippe Mathieu-Daudé, 2019/08/08