From: Prasad J Pandit <p...@fedoraproject.org> Hello,
The ESP 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte FIFO buffer. It is used to handle command and data transfer between controller and the bus. Couple of OOB write access issues were found and reported in its emulation by Mr Li Qiang of 360.cn Inc. Please see below are the proposed patches to fix these issues. Thank you. -- Prasad J Pandit (2): scsi: check command buffer length before write(CVE-2016-4439) scsi: check dma length before reading scsi command(CVE-2016-4441) hw/scsi/esp.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) -- 2.5.5
