Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
qemu: apply patch for CVE-2020-27617
An assert(3) failure issue was found in the networking helper functions of QEMU. It could occur in the eth_get_gso_type() routine, if a packet does not have a valid networking L3 protocol (ex. IPv4, IPv6) value. A guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Fixes: CVE-2020-27617
- Loading branch information
Showing
2 changed files
with
44 additions
and
0 deletions.
There are no files selected for viewing
43 changes: 43 additions & 0 deletions
43
pkgs/applications/virtualization/qemu/CVE-2020-27617.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
From 6d19c0cc6c5a9bba308fc29d7c0edc2dc372c41b Mon Sep 17 00:00:00 2001 | ||
From: Prasad J Pandit <pjp@fedoraproject.org> | ||
Date: Wed, 21 Oct 2020 11:35:50 +0530 | ||
Subject: [PATCH] net: remove an assert call in eth_get_gso_type | ||
|
||
eth_get_gso_type() routine returns segmentation offload type based on | ||
L3 protocol type. It calls g_assert_not_reached if L3 protocol is | ||
unknown, making the following return statement unreachable. Remove the | ||
g_assert call, it maybe triggered by a guest user. | ||
|
||
Reported-by: Gaoning Pan <pgn@zju.edu.cn> | ||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
--- | ||
net/eth.c | 6 +++--- | ||
1 file changed, 3 insertions(+), 3 deletions(-) | ||
|
||
diff --git a/net/eth.c b/net/eth.c | ||
index 0c1d413ee2..eee77071f9 100644 | ||
--- a/net/eth.c | ||
+++ b/net/eth.c | ||
@@ -16,6 +16,7 @@ | ||
*/ | ||
|
||
#include "qemu/osdep.h" | ||
+#include "qemu/log.h" | ||
#include "net/eth.h" | ||
#include "net/checksum.h" | ||
#include "net/tap.h" | ||
@@ -71,9 +72,8 @@ eth_get_gso_type(uint16_t l3_proto, uint8_t *l3_hdr, uint8_t l4proto) | ||
return VIRTIO_NET_HDR_GSO_TCPV6 | ecn_state; | ||
} | ||
} | ||
- | ||
- /* Unsupported offload */ | ||
- g_assert_not_reached(); | ||
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: probably not GSO frame, " | ||
+ "unknown L3 protocol: 0x%04"PRIx16"\n", __func__, l3_proto); | ||
|
||
return VIRTIO_NET_HDR_GSO_NONE | ecn_state; | ||
} | ||
-- | ||
2.28.0 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters