hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
authorMarcel Apfelbaum <marcel@redhat.com>
Wed, 16 Jun 2021 11:06:00 +0000 (14:06 +0300)
committerMarcel Apfelbaum <marcel.apfelbaum@gmail.com>
Sun, 4 Jul 2021 19:47:51 +0000 (22:47 +0300)
commit284f191b4abad213aed04cb0458e1600fd18d7c4
tree747cba2bba7c7901205c8630d67eae03c8a2b340
parent9c2647f75004c4f7d64c9c0ec55f8c6f0739a8b1
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)

Ensure mremap boundaries not trusting the guest kernel to
pass the correct buffer length.

Fixes: CVE-2021-3582
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
hw/rdma/vmw/pvrdma_cmd.c