[OE-core] [PATCH] qemu: CVE-2014-3689
jackie.huang at windriver.com
jackie.huang at windriver.com
Thu Jul 2 06:42:38 UTC 2015
From: Li Wang <li.wang at windriver.com>
Issue: LIN7-2153
the patch comes from:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3689
http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc
vmware-vga: CVE-2014-3689: turn off hw accel
Quick & easy stopgap for CVE-2014-3689: We just compile out the
hardware acceleration functions which lack sanity checks. Thankfully
we have capability bits for them (SVGA_CAP_RECT_COPY and
SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
Subsequent patches will add the missing checks and re-enable the
hardware acceleration emulation.
Cc: qemu-stable at nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
Reviewed-by: Don Koch <dkoch at verizon.com>
Signed-off-by: Li Wang <li.wang at windriver.com>
---
.../qemu/qemu/qemu-CVE-2014-3689.patch | 46 ++++++++++++++++++++++
meta/recipes-devtools/qemu/qemu_2.3.0.bb | 1 +
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch
diff --git a/meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch b/meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch
new file mode 100644
index 0000000..a0c3931
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch
@@ -0,0 +1,46 @@
+qemu: CVE-2014-3689
+
+the patch comes from:
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3689
+http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc
+
+vmware-vga: CVE-2014-3689: turn off hw accel
+
+Quick & easy stopgap for CVE-2014-3689: We just compile out the
+hardware acceleration functions which lack sanity checks. Thankfully
+we have capability bits for them (SVGA_CAP_RECT_COPY and
+SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
+
+Subsequent patches will add the missing checks and re-enable the
+hardware acceleration emulation.
+
+Cc: qemu-stable at nongnu.org
+Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
+Reviewed-by: Don Koch <dkoch at verizon.com>
+
+Upstream-Status: Backport
+
+Signed-off-by: Li Wang <li.wang at windriver.com>
+---
+ hw/display/vmware_vga.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
+index 591b645..99a97fe 100644
+--- a/hw/display/vmware_vga.c
++++ b/hw/display/vmware_vga.c
+@@ -29,9 +29,11 @@
+ #include "hw/pci/pci.h"
+
+ #undef VERBOSE
++#if 0
+ #define HW_RECT_ACCEL
+ #define HW_FILL_ACCEL
+ #define HW_MOUSE_ACCEL
++#endif
+
+ #include "vga_int.h"
+
+--
+1.7.9.5
+
diff --git a/meta/recipes-devtools/qemu/qemu_2.3.0.bb b/meta/recipes-devtools/qemu/qemu_2.3.0.bb
index ec1b101..917febe 100644
--- a/meta/recipes-devtools/qemu/qemu_2.3.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.3.0.bb
@@ -18,6 +18,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
file://09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch \
file://10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch \
file://11-xen-pt-unknown-PCI-config-space-fields-should-be-readonly-CVE-2015-4106.patch \
+ file://qemu-CVE-2014-3689.patch \
"
SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
SRC_URI[md5sum] = "2fab3ea4460de9b57192e5b8b311f221"
--
1.9.1
More information about the Openembedded-core
mailing list