aboutsummaryrefslogtreecommitdiff
path: root/pkgs/applications/virtualization
diff options
context:
space:
mode:
authorMartin Weinelt <hexa@darmstadt.ccc.de>2020-12-01 16:54:21 +0100
committerMartin Weinelt <hexa@darmstadt.ccc.de>2020-12-01 16:54:21 +0100
commitc3f268000e02651f6c9fdeacfd115cc479c35b17 (patch)
tree4a0cc09a6b119b330ea48e2738311f4ec8a9ced1 /pkgs/applications/virtualization
parent72cb12e4ab448144ab91d529f534195e8c0eb809 (diff)
qemu: fix CVE-2020-28916
While receiving packets via e1000e_write_packet_to_guest an infinite loop could be triggered if the receive descriptor had a NULL buffer address. A privileged guest user could use this to induce a DoS Scenario. Fixes: CVE-2020-28916
Diffstat (limited to 'pkgs/applications/virtualization')
-rw-r--r--pkgs/applications/virtualization/qemu/default.nix6
1 files changed, 6 insertions, 0 deletions
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 163a87d7072f..5d4b891ad5de 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -83,6 +83,12 @@ stdenv.mkDerivation rec {
./fix-qemu-ga.patch
./9p-ignore-noatime.patch
./CVE-2020-27617.patch
+ (fetchpatch {
+ # e1000e: infinite loop scenario in case of null packet descriptor, remove for QEMU >= 5.2.0-rc3
+ name = "CVE-2020-28916.patch";
+ url = "https://git.qemu.org/?p=qemu.git;a=patch;h=c2cb511634012344e3d0fe49a037a33b12d8a98a";
+ sha256 = "1kvm6wl4vry0npiisxsn76h8nf1iv5fmqsyjvb46203f1yyg5pis";
+ })
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 01:24:14 +0000