github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-05-17 12:51:12 +00:00
Code Issues Projects Releases Wiki Activity

doc: update 'asa.rst' for 2.3 release

Browse Source 
update fixed security issue for 2.3 release.

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This commit is contained in:
Yonghua Huang 2020-12-02 00:02:39 +08:00 committed by David Kinder
parent e8c20e7a63
commit a95e019045
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/asa.rst
View File

@ -3,6 +3,22 @@
Security Advisory Security Advisory
################# #################
Addressed in ACRN v2.3
************************
We recommend that all developers upgrade to this v2.3 release (or later), which
addresses the following security issue that was discovered in previous releases:
------
- NULL Pointer Dereference in ``devicemodel\hw\pci\virtio\virtio_mei.c``
``vmei_proc_tx()`` function tries to find the ``iov_base`` by calling
function ``paddr_guest2host()``, which may return NULL (the ``vd``
struct control by the User VM OS). There is a use of ``iov_base``
afterward that can cause a NULL pointer dereference (CVE-2020-28346).
**Affected Release:** v2.2 and earlier.
Addressed in ACRN v2.1 Addressed in ACRN v2.1
************************ ************************