Skip to content
Commit 49ef542e authored by Petr Matousek's avatar Petr Matousek Committed by Michael Roth
Browse files

i8254: fix out-of-bounds memory access in pit_ioport_read()



Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.

Fix this by ignoring read from the Mode/Command register.

This is CVE-2015-3214.

Reported-by: default avatarMatt Tait <matttait@google.com>
Fixes: 0505bcde
Cc: qemu-stable@nongnu.org
Signed-off-by: default avatarPetr Matousek <pmatouse@redhat.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d4862a87)
Signed-off-by: default avatarMichael Roth <mdroth@linux.vnet.ibm.com>
parent c270245a
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment