using QEMU_MODULE_DIR and CONFIG_MODULE_UPGRADES at the same time can crash qemu
Bug #1871830 reported by
Christian Ehrhardt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
qemu (Ubuntu) | Fix Released | Critical | Christian Ehrhardt |
Bug Description
[Impact]
* Back-porting an upstream fix for an array growing out of its allocated
size.
[Test Case]
* Full virt regression tests were run before the upload.
Details are in the linked Merge Proposals.
[Regression Potential]
* The fix just increases an array size by one.
This is a char pointer and exists once per qemu, I see no other drawback
than the size consumption and that is negligible.
[Other Info]
* This isn't technically an SRU, but I have learned that filling these
templates helps the release Team to accept changes while in 20.04 Freeze
time.
---
Need to bump
char *dirs[4];
in util/module.c
to reflect the new max size.
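As an added illustration (not QEMU's code and not part of the bug report): a fixed-size directory list that two independent options can each extend by one entry, with a checked append that fails instead of writing past the array. The count of three always-present entries, the function names and all paths are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define BASE_DIRS 3 /* assumption: entries that are always added */

struct dir_list {
    const char **slots;
    size_t cap; /* number of slots allocated */
    size_t n;   /* number of slots in use */
};

/* Append one entry; return -1 instead of writing past the last slot. */
static int dir_push(struct dir_list *l, const char *dir)
{
    if (l->n >= l->cap) {
        return -1;
    }
    l->slots[l->n++] = dir;
    return 0;
}

/*
 * env_dir models a directory taken from an environment variable (NULL when
 * unset); upgrades models a build-time option that adds one more directory.
 * Returns the number of entries, or -1 if the list would outgrow cap.
 */
int build_dirs(const char **slots, size_t cap, const char *env_dir, int upgrades)
{
    /* constructed placeholder paths */
    static const char *base[BASE_DIRS] = {
        "/constructed/moddir", "/constructed/exec/..", "/constructed/exec"
    };
    struct dir_list l = { slots, cap, 0 };
    size_t i;

    if (env_dir && dir_push(&l, env_dir) < 0) return -1;
    for (i = 0; i < BASE_DIRS; i++) {
        if (dir_push(&l, base[i]) < 0) return -1;
    }
    if (upgrades && dir_push(&l, "/constructed/run/version") < 0) return -1;
    return (int)l.n;
}

int main(void)
{
    const char *four[4], *five[5];
    printf("cap 4, both options: %d\n", build_dirs(four, 4, "/constructed/env", 1));
    printf("cap 5, both options: %d\n", build_dirs(five, 5, "/constructed/env", 1));
    return 0;
}
```

Either option alone fits in four slots; only the combination needs the fifth, which is why sizing the array for the worst case matters.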
Related branches
~paelzer/ubuntu/+source/qemu:lp-1871830-modules-lp-1872937-CVEs-FOCAL Merged into ubuntu/+source/qemu:ubuntu/focal-devel at revision 2d220e08b5001b0270907ae3df9711b43ee3ef9c
- Rafael David Tinoco (community): Approve
- Canonical Server: Pending requested
- Canonical Server packageset reviewers: Pending requested

Diff: 606 lines (+418/-48), 11 files modified
debian/binfmt-install (+46/-37)
debian/changelog (+19/-0)
debian/control (+1/-1)
debian/control-in (+1/-1)
debian/patches/arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch (+48/-0)
debian/patches/net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch (+145/-0)
debian/patches/series (+4/-0)
debian/patches/ubuntu/lp-1871830-module-increase-dirs-array-size-by-one.patch (+38/-0)
debian/patches/ubuntu/lp-1872107-kvm-Reallocate-dirty_bmap-when-we-change-a-slot.patch (+103/-0)
debian/qemu-system-data.install (+1/-1)
debian/rules (+12/-8)
CVE References
Changed in qemu (Ubuntu):
assignee: nobody → Christian Ehrhardt (paelzer)
status: New → Triaged
Changed in qemu (Ubuntu):
importance: Undecided → Critical
description: updated
PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4015
MP: https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/382001