blame | history | raw
hc
2023-11-07 f45e756958099c35d6afb746df1d40a1c6302cfc 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

CVE: CVE-2021-3545


Upstream-Status: Backport


Signed-off-by: Ross Burton <ross.burton@arm.com>


 


From 121841b25d72d13f8cad554363138c360f1250ea Mon Sep 17 00:00:00 2001


From: Li Qiang <liq3ea@163.com>


Date: Sat, 15 May 2021 20:03:56 -0700


Subject: [PATCH 1/7] vhost-user-gpu: fix memory disclosure in


 virgl_cmd_get_capset_info (CVE-2021-3545)


MIME-Version: 1.0


Content-Type: text/plain; charset=UTF-8


Content-Transfer-Encoding: 8bit


 


Otherwise some of the 'resp' will be leaked to guest.


 


Fixes: CVE-2021-3545


Reported-by: Li Qiang <liq3ea@163.com>


virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak


in getting capset info dispatch")


 


Signed-off-by: Li Qiang <liq3ea@163.com>


Reviewed-by: Marc-AndrĂ© Lureau <marcandre.lureau@redhat.com>


Message-Id: <20210516030403.107723-2-liq3ea@163.com>


Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


---


 contrib/vhost-user-gpu/virgl.c | 1 +


 1 file changed, 1 insertion(+)


 


diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c


index 9e6660c7ab..6a332d601f 100644


--- a/contrib/vhost-user-gpu/virgl.c


+++ b/contrib/vhost-user-gpu/virgl.c


@@ -128,6 +128,7 @@ virgl_cmd_get_capset_info(VuGpu *g,


 


     VUGPU_FILL_CMD(info);


 


+    memset(&resp, 0, sizeof(resp));


     if (info.capset_index == 0) {


         resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;


         virgl_renderer_get_cap_set(resp.capset_id,


-- 


2.25.1