[PATCH 0/2] hw/sd/sdcard: Fix CVE-2020-13253 (Do not allow invalid SD card sizes)

Philippe Mathieu-Daudé posted 2 patches 3 years, 8 months ago
Test checkpatch passed
Test docker-mingw@fedora passed
Test FreeBSD passed
Test docker-quick@centos7 passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200707132116.26207-1-f4bug@amsat.org
There is a newer version of this series
hw/sd/sd.c                             | 16 ++++++++++++++++
tests/acceptance/boot_linux_console.py | 15 +++++++++++++++
2 files changed, 31 insertions(+)
[PATCH 0/2] hw/sd/sdcard: Fix CVE-2020-13253 (Do not allow invalid SD card sizes)
Posted by Philippe Mathieu-Daudé 3 years, 8 months ago
Part 1 is already reviewed:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg718150.html

However the CVE fix break Linux guests:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg720737.html

This series fixes that, by checking the SD card image size is
correct.

Based-on: <20200630133912.9428-1-f4bug@amsat.org>

Philippe Mathieu-Daudé (2):
  tests/acceptance/boot_linux: Truncate SD card image to power of 2
  hw/sd/sdcard: Do not allow invalid SD card sizes

 hw/sd/sd.c                             | 16 ++++++++++++++++
 tests/acceptance/boot_linux_console.py | 15 +++++++++++++++
 2 files changed, 31 insertions(+)

-- 
2.21.3