| Message ID | 20250214110728.966806-1-madmarri@cisco.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [scarthgap] qemu 8.2.7: Fix CVE-2024-8354 | expand |
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/scarthgap-qemu-8.2.7-Fix-CVE-2024-8354.patch FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence) PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: pretest src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.pretest_src_uri_left_files) SKIP: test CVE check ignore: No modified recipes or older target branch, skipping test (test_metadata.TestMetadata.test_cve_check_ignore) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you!
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 4dc6c104c7..8ab8adca9e 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -40,6 +40,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ + file://CVE-2024-8354.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-8354.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-8354.patch new file mode 100644 index 0000000000..0f64f46bac --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-8354.patch @@ -0,0 +1,42 @@ +From d96e157675eace2326955921be17133c0a8b7966 Mon Sep 17 00:00:00 2001 +From: Madhu Marri <madmarri@cisco.com> +Date: Thu, 13 Feb 2025 12:19:44 +0000 +Subject: [PATCH] usb: Check USB_TOKEN_SETUP in usb_ep_get(CVE-2024-8354) + +USB_TOKEN_SETUP packet not being handled in usb_ep_get function. +This causes the program to hit the assertion that checks for only +USB_TOKEN_IN or USB_TOKEN_OUT, leading to the failure and core +dump when the USB_TOKEN_SETUP packet is processed. + +Added a check for USB_TOKEN_SETUP to avoid triggering an assertion +failure and crash. + +Fixes: CVE-2024-8354 +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2548 + +Upstream-Status: Submitted [qemu-devel@nongnu.org] +Signed-off-by: Madhu Marri <madmarri@cisco.com> +--- + hw/usb/core.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/hw/usb/core.c b/hw/usb/core.c +index 975f76250a..df2aec5aca 100644 +--- a/hw/usb/core.c ++++ b/hw/usb/core.c +@@ -741,6 +741,12 @@ struct USBEndpoint *usb_ep_get(USBDevice *dev, int pid, int ep) + if (ep == 0) { + return &dev->ep_ctl; + } ++ ++ if (pid == USB_TOKEN_SETUP) { ++ /* Do not handle setup packets here */ ++ return &dev->ep_ctl; ++ } ++ + assert(pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT); + assert(ep > 0 && ep <= USB_MAX_ENDPOINTS); + eps = (pid == USB_TOKEN_IN) ? dev->ep_in : dev->ep_out; +-- +2.44.1 +
Upstream Repository: https://gitlab.com/qemu-project/qemu.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-8354 Type: Security Fix CVE: CVE-2024-8354 Score: 5.5 Signed-off-by: Madhu Marri <madmarri@cisco.com> --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2024-8354.patch | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-8354.patch