doc: update 'asa.rst' for 2.3 release

update fixed security issue for 2.3 release. Signed-off-by: Yonghua Huang <yonghua.huang@intel.com> Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2025-05-16 04:09:37 +00:00 · 2020-12-02 00:02:39 +08:00 · 2020-12-02 00:02:39 +08:00 · a95e019045
commit a95e019045
parent e8c20e7a63
1 changed files with 16 additions and 0 deletions
--- a/doc/asa.rst
+++ b/doc/asa.rst
@ -3,6 +3,22 @@
 Security Advisory
 #################

+Addressed in ACRN v2.3
+************************
+
+We recommend that all developers upgrade to this v2.3 release (or later), which
+addresses the following security issue that was discovered in previous releases:
+
+------
+
+- NULL Pointer Dereference in ``devicemodel\hw\pci\virtio\virtio_mei.c``
+   ``vmei_proc_tx()`` function tries to find the ``iov_base`` by calling
+   function ``paddr_guest2host()``, which may return NULL (the ``vd``
+   struct control by the User VM OS).  There is a use of ``iov_base``
+   afterward that can cause a NULL pointer dereference (CVE-2020-28346).
+
+   **Affected Release:** v2.2 and earlier.
+
 Addressed in ACRN v2.1
 ************************