qemu-cr16/hw/i386
Vulnerability Report 058e1774d6
hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq()

Reject pirq == s->nr_pirqs in xen_physdev_map_pirq().

Fixes: aa98ee38a5 ("hw/xen: Implement emulated PIRQ hypercall support")
Fixes: CVE-2026-0665
Reported-by: DARKNAVY (@DarkNavyOrg) <vr@darknavy.com>
Reviewed-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Vulnerability Report <vr@darknavy.com>
Link: https://lore.kernel.org/r/13FE03BE60EA78D6+20260109023548.4047-1-vr@darknavy.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c7504ba2a560fd884557f6e5142f03b491aad0c7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2026-01-16 14:29:24 +03:00
kvm hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() 2026-01-16 14:29:24 +03:00
xen qom: Make InterfaceInfo[] uses const 2025-04-25 17:00:41 +02:00
acpi-build.c amd_iommu: HATDis/HATS=11 support 2025-10-05 16:13:02 -04:00
acpi-build.h hw/acpi: Rename and move build_x86_acpi_pci_hotplug to pcihp 2025-07-15 02:56:40 -04:00
acpi-common.c include/system: Move exec/memory.h to system/memory.h 2025-04-23 14:08:21 -07:00
acpi-common.h hw/i386/acpi: Declare pc_madt_cpu_entry() in 'acpi-common.h' 2024-02-20 20:34:21 +03:00
acpi-microvm.c include/system: Move exec/memory.h to system/memory.h 2025-04-23 14:08:21 -07:00
acpi-microvm.h microvm/acpi: add minimal acpi support 2020-09-17 14:16:19 +02:00
amd_iommu-stub.c amd_iommu: report x2APIC support to the operating system 2024-02-14 06:09:32 -05:00
amd_iommu.c amd_iommu: Support 64-bit address for IOTLB lookup 2025-11-09 03:25:43 -05:00
amd_iommu.h amd_iommu: Support 64-bit address for IOTLB lookup 2025-11-09 03:25:43 -05:00
e820_memory_layout.c hw/i386/fw_cfg: Add etc/e820 to fw_cfg late 2024-07-03 18:14:06 -04:00
e820_memory_layout.h hw/i386/fw_cfg: Add etc/e820 to fw_cfg late 2024-07-03 18:14:06 -04:00
fw_cfg.c rust: Kconfig: Factor out whether HPET is Rust or C 2025-03-20 09:23:24 +01:00
fw_cfg.h hw/i386/fw_cfg: Add etc/e820 to fw_cfg late 2024-07-03 18:14:06 -04:00
intel_iommu.c intel_iommu: Fix DMA failure when guest switches IOMMU domain 2025-11-09 08:24:29 -05:00
intel_iommu_internal.h intel_iommu: Handle PASID cache invalidation 2025-11-09 08:23:48 -05:00
isapc.c hw/i386/isapc.c: warn rather than reject modern x86 CPU models 2025-10-28 14:50:07 +01:00
Kconfig hw/i386: move isapc machine to separate isapc.c file 2025-08-29 11:20:48 +02:00
meson.build hw/i386: move isapc machine to separate isapc.c file 2025-08-29 11:20:48 +02:00
microvm-dt.c hw/i386/microvm: Use fdt field from MachineState 2025-11-05 09:26:27 +01:00
microvm-dt.h microvm: add device tree support. 2021-11-02 17:24:17 +01:00
microvm.c hw/i386: Fix 'use-legacy-x86-rom' property compatibility 2025-07-28 17:52:34 +02:00
monitor.c qapi: expose rtc-reset-reinjection command unconditionally 2025-05-28 18:26:23 +02:00
multiboot.c hw/core/loader: capture Error from load_image_targphys 2025-10-28 08:19:18 +01:00
multiboot.h target/i386: use DMA-enabled multiboot ROM for new-enough QEMU machine types 2021-11-02 15:57:27 +01:00
nitro_enclave.c qom: Have class_init() take a const data argument 2025-04-25 17:00:41 +02:00
pc.c q35: increase default tseg size 2025-11-09 08:25:18 -05:00
pc_piix.c smbios: cap DIMM size to 2Tb as workaround for broken Windows 2025-10-05 09:01:08 -04:00
pc_q35.c smbios: cap DIMM size to 2Tb as workaround for broken Windows 2025-10-05 09:01:08 -04:00
pc_sysfw.c i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM 2025-07-12 15:28:21 +02:00
pc_sysfw_ovmf-stubs.c hw/i386: Introduce X86_FW_OVMF Kconfig symbol 2021-07-14 22:28:58 +02:00
pc_sysfw_ovmf.c exec/cpu-all: remove exec/target_page include 2025-04-23 15:04:57 -07:00
port92.c qom: Have class_init() take a const data argument 2025-04-25 17:00:41 +02:00
sgx-epc.c qom: Make InterfaceInfo[] uses const 2025-04-25 17:00:41 +02:00
sgx-stub.c qapi: make SGX commands unconditionally available 2025-05-28 18:54:18 +02:00
sgx.c qapi: make SGX commands unconditionally available 2025-05-28 18:54:18 +02:00
tdvf-hob.c i386/tdx: Setup the TD HOB list 2025-05-28 19:35:54 +02:00
tdvf-hob.h i386/tdx: Setup the TD HOB list 2025-05-28 19:35:54 +02:00
tdvf.c i386/tdvf: Fix build on 32-bit host 2025-06-03 22:42:46 +02:00
trace-events intel_iommu: Reset pasid cache when system level reset 2025-11-09 08:24:15 -05:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vapic.c hw/i386/apic: Prefer APICCommonState over DeviceState 2025-10-21 20:16:47 +02:00
vmmouse.c qom: Have class_init() take a const data argument 2025-04-25 17:00:41 +02:00
vmport.c qom: Have class_init() take a const data argument 2025-04-25 17:00:41 +02:00
x86-common.c i386: Fix const qualifier build errors with recent glibc 2025-12-16 14:28:30 +01:00
x86-cpu.c hw/i386/apic: Prefer APICCommonState over DeviceState 2025-10-21 20:16:47 +02:00
x86-iommu-stub.c hw/i386/pc: Remove x86_iommu_get_type() 2021-11-01 18:49:10 -04:00
x86-iommu.c intel-iommu: Move dma_translation to x86-iommu 2025-10-05 16:13:02 -04:00
x86.c hw/i386/x86: Remove X86MachineClass::save_tsc_khz field 2025-05-30 09:52:08 +02:00