
Fix CVE-2024-8612 in qemu package on 3.0-dev branch #13855


Draft. Wants to merge 2 commits into base: 3.0-dev

@Copilot Copilot AI (Contributor) commented May 22, 2025

This PR adds a patch for CVE-2024-8612 to the qemu package.

Issue Description

CVE-2024-8612 addresses a vulnerability in QEMU's bounce buffer implementation. When DMA memory cannot be directly accessed, QEMU previously provided only a single bounce buffer per AddressSpace and would fail DMA map requests while the buffer was already in use, causing DMA failures that resulted in hardware errors from the guest perspective.

Changes Made

  • Added the upstream patch from the QEMU project, which allocates DMA bounce buffers dynamically
  • Incremented package release from 16 to 17
  • Added appropriate changelog entry

Fix Summary

The patch:

  1. Allocates DMA bounce buffers dynamically instead of using a single buffer
  2. Limits the total bounce buffer allocation size for each AddressSpace
  3. Adds a new x-max-bounce-buffer-size parameter for PCI devices
  4. Properly handles multiple simultaneous DMA mapping requests

This change ensures that multiple DMA mappings can work correctly when RAM can't be mmap()-ed, preventing guest-visible hardware errors.

References

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • gitlab.com
    • Triggering command: curl -s REDACTED -o /tmp/patches/CVE-2024-8612.patch (dns block)
    • Triggering command: wget -q REDACTED -O /tmp/patches/CVE-2024-8612.patch (dns block)

If you need me to access, download, or install something from one of these locations, you can either:



Co-authored-by: kgodara912 <193572699+kgodara912@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] Patch qemu for CVE-2024-8612 [MEDIUM] Fix CVE-2024-8612 in qemu package on 3.0-dev branch May 22, 2025
@Copilot Copilot AI requested a review from kgodara912 May 22, 2025 05:03
Copilot finished work on behalf of kgodara912 May 22, 2025 05:03
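
The bounded dynamic allocation described in the Fix Summary above, as an added C sketch. It is not the upstream QEMU patch or code from this PR; `AddrSpaceModel`, `bounce_map`, `bounce_unmap`, `bounce_in_use` and the 4096-byte cap are hypothetical names and values chosen for illustration.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of one address space's bounce-buffer budget. */
typedef struct {
    size_t max_bounce_size;        /* cap on bytes outstanding at once */
    _Atomic size_t bounce_in_use;  /* bytes currently reserved */
} AddrSpaceModel;

/* Reserve len bytes against the cap, then allocate a buffer.
 * Returns NULL when the request does not fit, so outstanding
 * bounce memory stays bounded and the caller can retry later. */
static void *bounce_map(AddrSpaceModel *as, size_t len)
{
    size_t used = atomic_load(&as->bounce_in_use);
    do {
        /* Subtraction form: used + len can never wrap around. */
        if (len == 0 || len > as->max_bounce_size - used)
            return NULL;
    } while (!atomic_compare_exchange_weak(&as->bounce_in_use,
                                           &used, used + len));
    void *buf = calloc(1, len);    /* zero-initialised buffer */
    if (!buf)
        atomic_fetch_sub(&as->bounce_in_use, len); /* undo reservation */
    return buf;
}

/* Free the buffer and return its bytes to the budget. */
static void bounce_unmap(AddrSpaceModel *as, void *buf, size_t len)
{
    free(buf);
    atomic_fetch_sub(&as->bounce_in_use, len);
}

static size_t bounce_in_use(AddrSpaceModel *as)
{
    return atomic_load(&as->bounce_in_use);
}

int main(void)
{
    AddrSpaceModel as = { .max_bounce_size = 4096 }; /* constructed cap */
    void *a = bounce_map(&as, 3000);
    void *b = bounce_map(&as, 2000); /* refused: 3000 + 2000 > 4096 */
    printf("second map %s, %zu bytes in use\n",
           b ? "granted" : "refused", bounce_in_use(&as));
    if (a) bounce_unmap(&as, a, 3000);
    return 0;
}
```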
Labels: 3.0-dev (PRs Destined for AzureLinux 3.0), Packaging, security