| Message ID | 20240410091315.57241-1-philmd@linaro.org |
|---|---|
| State | New |
| Headers | show |
On Wed, 10 Apr 2024 at 10:14, Philippe Mathieu-Daudé <philmd@linaro.org> wrote: > > The following changes since commit 927284d65bce63ab1495d3febe7c7b5b6d563874: > > Merge tag 'edk2-20240409-pull-request' of https://gitlab.com/kraxel/qemu into staging (2024-04-09 17:36:40 +0100) > > are available in the Git repository at: > > https://github.com/philmd/qemu.git tags/hw-misc-20240410 > > for you to fetch changes up to dcb0a1ac03d6b5ba6c7fcbe467f0215738006113: > > hw/audio/virtio-snd: Remove unused assignment (2024-04-10 11:07:37 +0200) > > ---------------------------------------------------------------- > Misc HW patch queue > > - Fix CXL Fixed Memory Window interleave-granularity typo > - Fix for DMA re-entrancy abuse with VirtIO devices (CVE-2024-3446) > - Fix out-of-bound access in NAND block buffer > - Fix memory leak in AppleSMC reset() handler > - Avoid VirtIO crypto backends abort o invalid session ID > - Fix overflow in LAN9118 MIL TX FIFO > - Fix overflow when abusing SDHCI TRNMOD register (CVE-2024-3447) > - Fix overrun in short fragmented packet SCTP checksum (CVE-2024-3567) > - Remove unused assignment in virtio-snd model (Coverity 1542933 & 1542934) > > ---------------------------------------------------------------- Applied, thanks. Please update the changelog at https://wiki.qemu.org/ChangeLog/9.0 for any user-visible changes. -- PMM
The following changes since commit 927284d65bce63ab1495d3febe7c7b5b6d563874: Merge tag 'edk2-20240409-pull-request' of https://gitlab.com/kraxel/qemu into staging (2024-04-09 17:36:40 +0100) are available in the Git repository at: https://github.com/philmd/qemu.git tags/hw-misc-20240410 for you to fetch changes up to dcb0a1ac03d6b5ba6c7fcbe467f0215738006113: hw/audio/virtio-snd: Remove unused assignment (2024-04-10 11:07:37 +0200) ---------------------------------------------------------------- Misc HW patch queue - Fix CXL Fixed Memory Window interleave-granularity typo - Fix for DMA re-entrancy abuse with VirtIO devices (CVE-2024-3446) - Fix out-of-bound access in NAND block buffer - Fix memory leak in AppleSMC reset() handler - Avoid VirtIO crypto backends abort o invalid session ID - Fix overflow in LAN9118 MIL TX FIFO - Fix overflow when abusing SDHCI TRNMOD register (CVE-2024-3447) - Fix overrun in short fragmented packet SCTP checksum (CVE-2024-3567) - Remove unused assignment in virtio-snd model (Coverity 1542933 & 1542934) ---------------------------------------------------------------- Philippe Mathieu-Daudé (15): hw/virtio: Introduce virtio_bh_new_guarded() helper hw/display/virtio-gpu: Protect from DMA re-entrancy bugs hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs hw/block/nand: Factor nand_load_iolen() method out hw/block/nand: Have blk_load() take unsigned offset and return boolean hw/block/nand: Fix out-of-bound access in NAND block buffer hw/misc/applesmc: Do not call DeviceReset from DeviceRealize hw/misc/applesmc: Fix memory leak in reset() handler backends/cryptodev: Do not abort for invalid session ID hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition hw/net/lan9118: Fix overflow in MIL TX FIFO hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() hw/audio/virtio-snd: Remove unused assignment Yuquan Wang (1): qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo include/hw/virtio/virtio.h | 7 +++++ backends/cryptodev-builtin.c | 4 ++- hw/audio/virtio-snd.c | 8 ++++-- hw/block/nand.c | 55 +++++++++++++++++++++++++----------- hw/char/virtio-serial-bus.c | 3 +- hw/display/virtio-gpu.c | 6 ++-- hw/misc/applesmc.c | 2 +- hw/net/lan9118.c | 28 +++++++++++++++--- hw/net/net_tx_pkt.c | 4 +++ hw/sd/sdhci.c | 8 ++++++ hw/virtio/virtio-crypto.c | 4 +-- hw/virtio/virtio.c | 10 +++++++ qemu-options.hx | 6 ++-- 13 files changed, 109 insertions(+), 36 deletions(-)