| commit | 05a40b172e4d691371534828078be47e7fff524c | |
| author | Gerd Hoffmann <kraxel@redhat.com> | |
| Mon, 3 May 2021 13:29:15 +0000 (3 15:29 +0200) | ||
| committer | Gerd Hoffmann <kraxel@redhat.com> | |
| Wed, 5 May 2021 13:06:01 +0000 (5 15:06 +0200) | ||
| tree | 0f9d4d1f4202a5795a340df5ca80a098c956de6a | treesnapshot (tar.gz zip) |
| parent | 06aa50c06c6392084244f8169d34b8e2d9c43ef2 | commitdiff |
usb: limit combined packets to 1 MiB (CVE-2021-3527)
usb-host and usb-redirect try to batch bulk transfers by combining many
small usb packets into a single, large transfer request, to reduce the
overhead and improve performance.
This patch adds a size limit of 1 MiB for those combined packets to
restrict the host resources the guest can bind that way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20210503132915.2335822-6-kraxel@redhat.com>
usb-host and usb-redirect try to batch bulk transfers by combining many
small usb packets into a single, large transfer request, to reduce the
overhead and improve performance.
This patch adds a size limit of 1 MiB for those combined packets to
restrict the host resources the guest can bind that way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20210503132915.2335822-6-kraxel@redhat.com>
| hw/usb/combined-packet.c | diffblobblamehistory |