Files
poky/meta/recipes-devtools
Divya Chellam e0736e9b27 qemu: fix CVE-2024-3446
A double free vulnerability was found in QEMU virtio devices
(virtio-gpu, virtio-serial-bus, virtio-crypto), where the
mem_reentrancy_guard flag insufficiently protects against DMA
reentrancy issues. This issue could allow a malicious privileged
guest to crash the QEMU process on the host, resulting in a d
enial of service or allow arbitrary code execution within the
context of the QEMU process on the host.

CVE-2024-3446-0004, CVE-2024-3446-0005, CVE-2024-3446-0006
are CVE fix and CVE-2024-3446-0001, CVE-2024-3446-0002,
CVE-2024-3446-0003 are dependent commits to fix the CVE.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-3446

Upstream patches:
9c86c97f12
f63192b054
ec0504b989
ba28e0ff4d
b4295bff25
f4729ec39a

(From OE-Core rev: db7e3a56656db0bc61ec2e35ccc149e9b90a389b)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-09 07:54:03 -08:00
..
2023-08-26 04:24:02 -10:00
2023-10-05 15:48:49 -10:00
2024-09-16 06:09:56 -07:00
2021-11-25 21:55:10 +00:00
2022-03-16 10:31:40 +00:00
2022-08-01 16:27:29 +01:00
2022-03-16 13:39:12 +00:00
2023-09-08 16:09:41 -10:00
2024-02-09 03:46:50 -10:00
2024-06-01 19:07:52 -07:00
2021-11-03 10:12:42 +00:00
2022-03-24 17:45:29 +00:00
2024-08-16 08:09:14 -07:00
2023-10-05 15:48:49 -10:00
2022-05-25 22:45:50 +01:00
2022-03-23 12:13:49 +00:00
2024-11-27 06:27:26 -08:00
2022-03-11 06:56:01 +00:00
2022-05-25 22:45:50 +01:00
2022-12-01 19:35:05 +00:00
2022-03-20 00:02:22 +00:00
2023-09-08 16:09:41 -10:00
2024-12-02 06:23:20 -08:00
2024-11-02 06:32:36 -07:00
2024-04-19 04:50:38 -07:00
2023-12-22 16:36:55 -10:00
2023-03-23 22:45:33 +00:00
2024-12-09 07:54:03 -08:00
2024-12-09 07:54:03 -08:00
2022-03-02 18:43:24 +00:00
2024-10-12 05:17:57 -07:00
2022-05-04 13:07:33 +01:00
2021-12-08 20:22:10 +00:00