public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

qemu: apply patch for CVE-2020-27617 

An assert(3) failure issue was found in the networking helper functions of QEMU. It could occur in the eth_get_gso_type() routine, if a packet does not have a valid networking L3 protocol (ex. IPv4, IPv6) value. A guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Fixes: CVE-2020-27617
This commit is contained in:
Martin Weinelt 2020-11-02 14:01:01 +01:00
parent 92781c27bd
commit 0c54b757e9
No known key found for this signature in database
GPG Key ID: BD4AA0528F63F17E
2 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
pkgs/applications/virtualization/qemu/CVE-2020-27617.patch Normal file
View File

@ -0,0 +1,43 @@
From 6d19c0cc6c5a9bba308fc29d7c0edc2dc372c41b Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 21 Oct 2020 11:35:50 +0530
Subject: [PATCH] net: remove an assert call in eth_get_gso_type
eth_get_gso_type() routine returns segmentation offload type based on
L3 protocol type. It calls g_assert_not_reached if L3 protocol is
unknown, making the following return statement unreachable. Remove the
g_assert call, it maybe triggered by a guest user.
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
net/eth.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/eth.c b/net/eth.c
index 0c1d413ee2..eee77071f9 100644
--- a/net/eth.c
+++ b/net/eth.c
@@ -16,6 +16,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu/log.h"
#include "net/eth.h"
#include "net/checksum.h"
#include "net/tap.h"
@@ -71,9 +72,8 @@ eth_get_gso_type(uint16_t l3_proto, uint8_t *l3_hdr, uint8_t l4proto)
return VIRTIO_NET_HDR_GSO_TCPV6 | ecn_state;
}
}
-
- /* Unsupported offload */
- g_assert_not_reached();
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: probably not GSO frame, "
+ "unknown L3 protocol: 0x%04"PRIx16"\n", __func__, l3_proto);
return VIRTIO_NET_HDR_GSO_NONE | ecn_state;
}
--
2.28.0

1
pkgs/applications/virtualization/qemu/default.nix
View File

@ -82,6 +82,7 @@ stdenv.mkDerivation rec {
./no-etc-install.patch ./no-etc-install.patch
./fix-qemu-ga.patch ./fix-qemu-ga.patch
./9p-ignore-noatime.patch ./9p-ignore-noatime.patch
./CVE-2020-27617.patch
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [ ++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch { (fetchpatch {