jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qemu: fix CVE-2020-28916

Browse Source 
While receiving packets via e1000e_write_packet_to_guest an infinite
loop could be triggered if the receive descriptor had a NULL buffer
address.

A privileged guest user could use this to induce a DoS Scenario.

Fixes: CVE-2020-28916
This commit is contained in:
Martin Weinelt 2020-12-01 16:54:21 +01:00
parent 72cb12e4ab
commit c3f268000e
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkgs/applications/virtualization/qemu/default.nix
View File

@ -83,6 +83,12 @@ stdenv.mkDerivation rec {
./fix-qemu-ga.patch
./9p-ignore-noatime.patch
./CVE-2020-27617.patch
(fetchpatch {
# e1000e: infinite loop scenario in case of null packet descriptor, remove for QEMU >= 5.2.0-rc3
name = "CVE-2020-28916.patch";
url = "https://git.qemu.org/?p=qemu.git;a=patch;h=c2cb511634012344e3d0fe49a037a33b12d8a98a";
sha256 = "1kvm6wl4vry0npiisxsn76h8nf1iv5fmqsyjvb46203f1yyg5pis";
})
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch {