Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-35414: Re: [PATCH v2] softmmu: Always initialize xlat in address_space_translate_for_iotlb

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

CVE
#git#dell

On Tue, 21 Jun 2022 at 16:38, Richard Henderson richard.hender…@linaro.org wrote:

The bug is an uninitialized memory read, along the translate_fail path, which results in garbage being read from iotlb_to_section, which can lead to a crash in io_readx/io_writex.

The bug may be fixed by writing any value with zero in ~TARGET_PAGE_MASK, so that the call to iotlb_to_section using the xlat’ed address returns io_mem_unassigned, as desired by the translate_fail path.

It is most useful to record the original physical page address, which will eventually be logged by memory_region_access_valid when the access is rejected by unassigned_mem_accepts.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1065 Signed-off-by: Richard Henderson richard.hender…@linaro.org

Reviewed-by: Peter Maydell peter.mayd…@linaro.org

thanks – PMM

Related news

Gentoo Linux Security Advisory 202408-18

Gentoo Linux Security Advisory 202408-18 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could lead to a denial of service. Versions greater than or equal to 8.0.0 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907