| commit | b8d7f1bc59276fec85e4d09f1567613a3e14d31e | |
| author | Prasad J Pandit <pjp@fedoraproject.org> | |
| Mon, 18 Jan 2021 11:51:30 +0000 (18 17:21 +0530) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Sat, 23 Jan 2021 14:26:40 +0000 (23 09:26 -0500) | ||
| tree | f1ab21d5110b354e6f6d50fc13025829d7bab30a | treesnapshot (tar.gz zip) |
| parent | bbf901914170c6ee423beb3b8c510038c16d082f | commitdiff |
ide: atapi: check logical block address and read size (CVE-2020-29443)
While processing ATAPI cmd_read/cmd_read_cd commands,
Logical Block Address (LBA) maybe invalid OR closer to the last block,
leading to an OOB access issues. Add range check to avoid it.
Fixes: CVE-2020-29443
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20210118115130.457044-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
While processing ATAPI cmd_read/cmd_read_cd commands,
Logical Block Address (LBA) maybe invalid OR closer to the last block,
leading to an OOB access issues. Add range check to avoid it.
Fixes: CVE-2020-29443
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20210118115130.457044-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| hw/ide/atapi.c | diffblobblamehistory |