[OE-core] [PATCH] qemu: CVE-2014-3689

Huang, Jie (Jackie) Jackie.Huang at windriver.com
Thu Jul 2 09:00:48 UTC 2015



> -----Original Message-----
> From: openembedded-core-bounces at lists.openembedded.org [mailto:openembedded-core-
> bounces at lists.openembedded.org] On Behalf Of jackie.huang at windriver.com
> Sent: Thursday, July 02, 2015 2:43 PM
> To: openembedded-core at lists.openembedded.org
> Subject: [OE-core] [PATCH] qemu: CVE-2014-3689
> 
> From: Li Wang <li.wang at windriver.com>
> 
> Issue: LIN7-2153

Sorry, this should be removed, please ignore this.

Thanks,
Jackie

> 
> the patch comes from:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3689
> http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc
> 
> vmware-vga: CVE-2014-3689: turn off hw accel
> 
> Quick & easy stopgap for CVE-2014-3689:  We just compile out the hardware acceleration functions
> which lack sanity checks.  Thankfully we have capability bits for them (SVGA_CAP_RECT_COPY and
> SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
> 
> Subsequent patches will add the missing checks and re-enable the hardware acceleration emulation.
> 
> Cc: qemu-stable at nongnu.org
> Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
> Reviewed-by: Don Koch <dkoch at verizon.com>
> Signed-off-by: Li Wang <li.wang at windriver.com>
> ---
>  .../qemu/qemu/qemu-CVE-2014-3689.patch             | 46 ++++++++++++++++++++++
>  meta/recipes-devtools/qemu/qemu_2.3.0.bb           |  1 +
>  2 files changed, 47 insertions(+)
>  create mode 100644 meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch
> 
> diff --git a/meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch b/meta/recipes-
> devtools/qemu/qemu/qemu-CVE-2014-3689.patch
> new file mode 100644
> index 0000000..a0c3931
> --- /dev/null
> +++ b/meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch
> @@ -0,0 +1,46 @@
> +qemu: CVE-2014-3689
> +
> +the patch comes from:
> +https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3689
> +http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729
> +880e091387fc
> +
> +vmware-vga: CVE-2014-3689: turn off hw accel
> +
> +Quick & easy stopgap for CVE-2014-3689:  We just compile out the
> +hardware acceleration functions which lack sanity checks.  Thankfully
> +we have capability bits for them (SVGA_CAP_RECT_COPY and
> +SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
> +
> +Subsequent patches will add the missing checks and re-enable the
> +hardware acceleration emulation.
> +
> +Cc: qemu-stable at nongnu.org
> +Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
> +Reviewed-by: Don Koch <dkoch at verizon.com>
> +
> +Upstream-Status: Backport
> +
> +Signed-off-by: Li Wang <li.wang at windriver.com>
> +---
> + hw/display/vmware_vga.c |    2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c index
> +591b645..99a97fe 100644
> +--- a/hw/display/vmware_vga.c
> ++++ b/hw/display/vmware_vga.c
> +@@ -29,9 +29,11 @@
> + #include "hw/pci/pci.h"
> +
> + #undef VERBOSE
> ++#if 0
> + #define HW_RECT_ACCEL
> + #define HW_FILL_ACCEL
> + #define HW_MOUSE_ACCEL
> ++#endif
> +
> + #include "vga_int.h"
> +
> +--
> +1.7.9.5
> +
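Review bot: The `#if 0` in the vmware_vga.c hunk encloses `#define HW_MOUSE_ACCEL` together with `HW_RECT_ACCEL` and `HW_FILL_ACCEL`, but the description names only the rect copy and rect fill functions and their capability bits (SVGA_CAP_RECT_COPY, SVGA_CAP_RECT_FILL). Either state in the patch header that cursor acceleration is compiled out as well and why, or check against the referenced upstream commit that this is intended. Separately, the embedded patch looks re-wrapped: the git.qemu.org URL is split across two lines, and `index 591b645..99a97fe 100644` is broken across the `diff --git` line, so regenerating the file with git format-patch instead of pasting it would be safer. Since the description calls this a stopgap until later patches add the missing checks, it would also help to say whether those follow-ups are being backported.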
> diff --git a/meta/recipes-devtools/qemu/qemu_2.3.0.bb b/meta/recipes-
> devtools/qemu/qemu_2.3.0.bb
> index ec1b101..917febe 100644
> --- a/meta/recipes-devtools/qemu/qemu_2.3.0.bb
> +++ b/meta/recipes-devtools/qemu/qemu_2.3.0.bb
> @@ -18,6 +18,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
>              file://09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch \
>              file://10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch \
>              file://11-xen-pt-unknown-PCI-config-space-fields-should-be-readonly-CVE-2015-4106.patch \
> +            file://qemu-CVE-2014-3689.patch \
>             "
>  SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
>  SRC_URI[md5sum] = "2fab3ea4460de9b57192e5b8b311f221"
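Review bot: The added SRC_URI entry `file://qemu-CVE-2014-3689.patch` gives no hint of what the patch does, whereas the neighbouring entries describe the change and carry the CVE id as a suffix. Consider a descriptive file name that mentions vmware-vga and turning off hw accel, keeping the CVE id in the name, so the list stays readable as more CVE backports are added.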
> --
> 1.9.1
> 


