[Stable-8.2.7 50/53] hw/nvme: fix leak of uninitialized memory in io_mgm
From: Michael Tokarev
Subject: [Stable-8.2.7 50/53] hw/nvme: fix leak of uninitialized memory in io_mgmt_recv
Date: Fri, 6 Sep 2024 09:54:20 +0300
From: Klaus Jensen <k.jensen@samsung.com>
Yutaro Shimizu from the Cyber Defense Institute discovered a bug in the
NVMe emulation that leaks contents of an uninitialized heap buffer if
subsystem and FDP emulation are enabled.
Cc: qemu-stable@nongnu.org
Reported-by: Yutaro Shimizu <shimizu@cyberdefense.jp>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit 6a22121c4f25b181e99479f65958ecde65da1c92)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index 1fa117fdff..ca54c250b2 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -4302,7 +4302,7 @@ static uint16_t nvme_io_mgmt_recv_ruhs(NvmeCtrl *n,
NvmeRequest *req,
nruhsd = ns->fdp.nphs * endgrp->fdp.nrg;
trans_len = sizeof(NvmeRuhStatus) + nruhsd * sizeof(NvmeRuhStatusDescr);
- buf = g_malloc(trans_len);
+ buf = g_malloc0(trans_len);
trans_len = MIN(trans_len, len);
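Review bot: The new g_malloc0(trans_len) line has no comment saying why this buffer must be zeroed, so a later cleanup could turn it back into g_malloc without anyone noticing. A one-line comment above the allocation, noting that the buffer is returned to the guest and that the commit message describes a leak of uninitialized heap contents from it, would record the intent. The buffer is also allocated at the full computed trans_len before the value is clamped with MIN(trans_len, len), so zeroing it at allocation is the right place; the comment could say that too. Separately, the commit message has no Fixes: tag naming the commit that introduced the plain g_malloc, which would help decide which stable branches need this change.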
--
2.39.2