On Sat, May 27, 2023 at 11:00 AM Michael Tokarev <m...@tls.msk.ru> wrote:
>
> Mon, 7 Nov 2022 11:35:10 +0100, you wrote:
> > Make sure to reset data_count if it's equal to (or exceeds) block_size.
> > This prevents an off-by-one read / write when accessing s->fifo_buffer
> > in sdhci_read_dataport / sdhci_write_dataport, both called right after
> > sdhci_buff_access_is_sequential.
> >
> > Fixes: CVE-2022-3872
> ..
>
> Has this been forgotten, or maybe a better fix is needed?
>
> https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html

There was a better patch proposed by Philippe:
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html

Which was later dropped due to a CI failure:
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01504.html

Not sure what's the current status.

> Thanks,
>
> /mjt

--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0
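The indexing pattern the quoted commit message describes, as an added example that is not part of this thread and not QEMU's sdhci code: a hypothetical toy model of the data-port state (ToySdhci, TOY_BLOCK_SIZE and both read_dataport_* functions are constructed names) showing the index being used before the block_size check, beside the variant that resets data_count first. The stale data_count == block_size state is set up directly by toy_init; the example does not model how a guest reaches it.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical toy model; the buffer holds exactly one block, so any index
 * equal to block_size is one byte past the valid data. */
#define TOY_BLOCK_SIZE 8u

typedef struct {
    uint8_t  fifo_buffer[TOY_BLOCK_SIZE];
    uint16_t block_size;   /* bytes per block */
    uint16_t data_count;   /* index of the next byte handed to the guest */
} ToySdhci;

/* Constructed state: buffer filled with 0..7, and data_count already equal
 * to block_size (a stale index) when the next port access arrives. */
void toy_init(ToySdhci *s)
{
    memset(s, 0, sizeof(*s));
    for (unsigned i = 0; i < TOY_BLOCK_SIZE; i++) {
        s->fifo_buffer[i] = (uint8_t)i;
    }
    s->block_size = TOY_BLOCK_SIZE;
    s->data_count = TOY_BLOCK_SIZE;
}

/* Vulnerable pattern: the index is consumed first and compared against
 * block_size only afterwards, so a stale data_count == block_size reaches
 * fifo_buffer[block_size]. Returns -1 instead of performing that read. */
int read_dataport_vulnerable(ToySdhci *s)
{
    if (s->data_count >= sizeof(s->fifo_buffer)) {
        return -1;                      /* would be an out-of-bounds read */
    }
    int value = s->fifo_buffer[s->data_count++];
    if (s->data_count >= s->block_size) {
        s->data_count = 0;              /* reset happens one access too late */
    }
    return value;
}

/* Fixed pattern, as the quoted message describes: reset data_count when it
 * equals or exceeds block_size BEFORE it is used as an index. */
int read_dataport_fixed(ToySdhci *s)
{
    if (s->data_count >= s->block_size) {
        s->data_count = 0;
    }
    int value = s->fifo_buffer[s->data_count++];
    if (s->data_count >= s->block_size) {
        s->data_count = 0;
    }
    return value;
}
```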