-
- Downloads
qemu: Backport fix for CVE-2024-4467
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4467
Upstream commits:
https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1
https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5
https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6
https://gitlab.com/qemu-project/qemu/-/commit/83930780325b144a5908c45b3957b9b6457b3831
https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613
(From OE-Core rev: c23ad8c89c3dd5b6004677cd0b534e22a293134d)
Signed-off-by: 
Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: 
Steve Sakoman <steve@sakoman.com>
Showing
- meta/recipes-devtools/qemu/qemu.inc 5 additions, 0 deletionsmeta/recipes-devtools/qemu/qemu.inc
- meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch 214 additions, 0 deletionsmeta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
- meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch 73 additions, 0 deletionsmeta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
- meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch 76 additions, 0 deletionsmeta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
- meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch 571 additions, 0 deletionsmeta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
- meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch 265 additions, 0 deletionsmeta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
Loading
Please register or sign in to comment