[PATCH v2 0/2] hw: usb: hcd-ohci: fix oob access and loop issues
From: P J P
Subject: [PATCH v2 0/2] hw: usb: hcd-ohci: fix oob access and loop issues
Date: Tue, 15 Sep 2020 23:52:57 +0530
From: Prasad J Pandit <pjp@fedoraproject.org>
Hello,
* While servicing transfer descriptors (TD) in ohci_service[_iso]_td
  routines, it may lead to out-of-bounds access and/or infinite loop
  issues, as the OHCI controller driver may supply malicious values
  to derive frame_number, start_addr, end_addr etc. variables.
* This series breaks the earlier single patch into two:
  one for an out-of-bounds access issue and another to fix the infinite
  loop case.
  -> https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05145.html
Thank you.
--
Prasad J Pandit (2):
  hw: usb: hcd-ohci: check len and frame_number variables
  hw: usb: hcd-ohci: check for processed TD before retire

 hw/usb/hcd-ohci.c | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
--
2.26.2