[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 5b3c77: 9p: take write lock on fid path updat
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] 5b3c77: 9p: take write lock on fid path updates (CVE-2018-... |
Date: |
Tue, 20 Nov 2018 05:14:32 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 5b3c77aa581ebb215125c84b0742119483571e55
https://github.com/qemu/qemu/commit/5b3c77aa581ebb215125c84b0742119483571e55
Author: Greg Kurz <address@hidden>
Date: 2018-11-20 (Tue, 20 Nov 2018)
Changed paths:
M hw/9pfs/9p.c
Log Message:
-----------
9p: take write lock on fid path updates (CVE-2018-19364)
Recent commit 5b76ef50f62079a fixed a race where v9fs_co_open2() could
possibly overwrite a fid path with v9fs_path_copy() while it is being
accessed by some other thread, ie, use-after-free that can be detected
by ASAN with a custom 9p client.
It turns out that the same can happen at several locations where
v9fs_path_copy() is used to set the fid path. The fix is again to
take the write lock.
Fixes CVE-2018-19364.
Cc: P J P <address@hidden>
Reported-by: zhibin hu <address@hidden>
Reviewed-by: Prasad J Pandit <address@hidden>
Signed-off-by: Greg Kurz <address@hidden>
Commit: 46cabfb41e9cb269affc14c8188f0c8745f8cd55
https://github.com/qemu/qemu/commit/46cabfb41e9cb269affc14c8188f0c8745f8cd55
Author: Peter Maydell <address@hidden>
Date: 2018-11-20 (Tue, 20 Nov 2018)
Changed paths:
M hw/9pfs/9p.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
Fixes yet another use-after-free issue that could be triggered by a
misbehaving guest. This is a follow-up to commit:
commit 5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
Author: Greg Kurz <address@hidden>
Date: Wed Nov 7 01:00:04 2018 +0100
9p: write lock path in v9fs_co_open2()
# gpg: Signature made Tue 20 Nov 2018 12:01:07 GMT
# gpg: using RSA key 71D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <address@hidden>"
# gpg: aka "Gregory Kurz <address@hidden>"
# gpg: aka "[jpeg image of size 3330]"
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6
* remotes/gkurz/tags/for-upstream:
9p: take write lock on fid path updates (CVE-2018-19364)
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/3c035a41dca8...46cabfb41e9c
**NOTE:** This service has been marked for deprecation:
https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 5b3c77: 9p: take write lock on fid path updates (CVE-2018-...,
GitHub <=