The following changes since commit ade760a2f63804b7ab1839fbc3e5ddbf30538718:
Merge tag 'pull-request-2022-11-08' of https://gitlab.com/thuth/qemu into staging (2022-11-08 11:34:06 -0500)
are available in the Git repository at:
https://github.com/philmd/qemu.git tags/memflash-20221108
for you to fetch changes up to cf9b3efd816518f9f210f50a0fa3e46a00b33c27:
Revert "hw/block/pflash_cfi: Error out if dev length isn't power of 2" (2022-11-08 19:29:25 +0100)
----------------------------------------------------------------
Memory/SDHCI/ParallelFlash patches queue
- Fix wrong end address dump in 'info mtree' (Zhenzhong Duan)
- Fix in SDHCI for CVE-2022-3872 (myself)
- Revert latest pflash check of underlying block size (Daniel Henrique Barboza & myself)
----------------------------------------------------------------
Daniel Henrique Barboza (1):
Revert "hw/block/pflash_cfi: Error out if dev length isn't power of 2"
Philippe Mathieu-Daudé (1):
hw/sd/sdhci: Do not set Buf Wr Ena before writing block (CVE-2022-3872)
Zhenzhong Duan (1):
memory: Fix wrong end address dump
hw/block/pflash_cfi01.c | 8 ++------
hw/block/pflash_cfi02.c | 5 -----
hw/sd/sdhci.c | 2 +-
softmmu/physmem.c | 2 +-
4 files changed, 4 insertions(+), 13 deletions(-)
--
2.38.1
On Tue, 8 Nov 2022 at 13:35, Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>
> The following changes since commit ade760a2f63804b7ab1839fbc3e5ddbf30538718:
>
>   Merge tag 'pull-request-2022-11-08' of https://gitlab.com/thuth/qemu into staging (2022-11-08 11:34:06 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/philmd/qemu.git tags/memflash-20221108
>
> for you to fetch changes up to cf9b3efd816518f9f210f50a0fa3e46a00b33c27:
>
>   Revert "hw/block/pflash_cfi: Error out if dev length isn't power of 2" (2022-11-08 19:29:25 +0100)
>
> ----------------------------------------------------------------
> Memory/SDHCI/ParallelFlash patches queue
>
> - Fix wrong end address dump in 'info mtree' (Zhenzhong Duan)
> - Fix in SDHCI for CVE-2022-3872 (myself)

There is a CI failure:

>>> G_TEST_DBUS_DAEMON=/builds/qemu-project/qemu/tests/dbus-vmstate-daemon.sh MALLOC_PERTURB_=127 QTEST_QEMU_BINARY=./qemu-system-arm QTEST_QEMU_STORAGE_DAEMON_BINARY=./storage-daemon/qemu-storage-daemon QTEST_QEMU_IMG=./qemu-img /builds/qemu-project/qemu/build/tests/qtest/npcm7xx_sdhci-test --tap -k
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
stderr:
** Message: 19:27:52.411: /tmp/sdhci_ZD2EV1
** ERROR:../tests/qtest/npcm7xx_sdhci-test.c:101:sdwrite_read: assertion failed: (!memcmp(rmsg, msg, len))

https://gitlab.com/qemu-project/qemu/-/jobs/3292896670

Stefan
I've dropped the SDHCI CVE fix due to the CI failure.

The rest of the commits are still in the staging tree and I plan to include them in v7.2.0-rc0.

Stefan
On 8/11/22 21:57, Stefan Hajnoczi wrote:
> I've dropped the SDHCI CVE fix due to the CI failure.
>
> The rest of the commits are still in the staging tree and I plan to
> include them in v7.2.0-rc0.

Thank you Stefan, sorry for not catching that failure sooner.
Hi Philippe,

On Wed, Nov 09, 2022 at 08:43:19AM +0100, Philippe Mathieu-Daudé wrote:
> On 8/11/22 21:57, Stefan Hajnoczi wrote:
> > I've dropped the SDHCI CVE fix due to the CI failure.
> >
> > The rest of the commits are still in the staging tree and I plan to
> > include them in v7.2.0-rc0.
>
> Thank you Stefan, sorry for not catching that failure sooner.

I was looking through some older CVEs for qemu which are tracked still unfixed in Debian and noticed CVE-2022-3872. Do you happen to know if the fix for CVE-2022-3872, the dropped one above, was ever fixed in another way? Or did that fall through the cracks?

Regards,
Salvatore
On 21/12/23 22:19, Salvatore Bonaccorso wrote:
> Hi Philippe,
>
> On Wed, Nov 09, 2022 at 08:43:19AM +0100, Philippe Mathieu-Daudé wrote:
>> On 8/11/22 21:57, Stefan Hajnoczi wrote:
>>> I've dropped the SDHCI CVE fix due to the CI failure.
>>>
>>> The rest of the commits are still in the staging tree and I plan to
>>> include them in v7.2.0-rc0.
>>
>> Thank you Stefan, sorry for not catching that failure sooner.
>
> I was looking through some older CVEs for qemu which are tracked
> still unfixed in Debian and noticed CVE-2022-3872. Do you happen to
> know if the fix for CVE-2022-3872, the dropped one above, was ever
> fixed in another way? Or did that fall through the cracks?

Doh... You are right, this totally slipped off my radar :/
Hi,

Is there a way to reproduce this issue? I have tried with the available reproducer but it doesn't seem to work. It would be really helpful to improve my understanding of qemu, and I can help in testing the patch-sets additionally.

Thanks
T K Sourab

On Tue, Jun 24, 2025 at 6:43 AM Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>
> On 21/12/23 22:19, Salvatore Bonaccorso wrote:
> > Hi Philippe,
> >
> > On Wed, Nov 09, 2022 at 08:43:19AM +0100, Philippe Mathieu-Daudé wrote:
> >> On 8/11/22 21:57, Stefan Hajnoczi wrote:
> >>> I've dropped the SDHCI CVE fix due to the CI failure.
> >>>
> >>> The rest of the commits are still in the staging tree and I plan to
> >>> include them in v7.2.0-rc0.
> >>
> >> Thank you Stefan, sorry for not catching that failure sooner.
> >
> > I was looking through some older CVEs for qemu which are tracked
> > still unfixed in Debian and noticed CVE-2022-3872. Do you happen to
> > know if the fix for CVE-2022-3872, the dropped one above, was ever
> > fixed in another way? Or did that fall through the cracks?
>
> Doh... You are right, this totally slipped off my radar :/