| From 83dd3da9fac872fac9739b9dcb96232c93675824 Mon Sep 17 00:00:00 2001 |
| From: Klaus Jensen <k.jensen@samsung.com> |
| Date: Tue, 8 Aug 2023 17:16:13 +0200 |
| Subject: [PATCH] CVE-2023-40360 hw/nvme: fix null pointer access in directive |
| receive |
| |
| nvme_directive_receive() does not check if an endurance group has been |
| configured (set) prior to testing if flexible data placement is enabled |
| or not. |
| |
| Fix this. |
| |
| CVE: CVE-2023-40360 |
| Upstream-Status: Backport [https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98] |
| Cc: qemu-stable@nongnu.org |
| Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1815 |
| Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") |
| Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com> |
| Signed-off-by: Klaus Jensen <k.jensen@samsung.com> |
| --- |
| hw/nvme/ctrl.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c |
| index 2097fb131..36a2846c3 100644 |
| --- a/hw/nvme/ctrl.c |
| +++ b/hw/nvme/ctrl.c |
| @@ -6862,7 +6862,7 @@ static uint16_t nvme_directive_receive(NvmeCtrl *n, NvmeRequest *req) |
| case NVME_DIRECTIVE_IDENTIFY: |
| switch (doper) { |
| case NVME_DIRECTIVE_RETURN_PARAMS: |
| - if (ns->endgrp->fdp.enabled) { |
| + if (ns->endgrp && ns->endgrp->fdp.enabled) { |
| id.supported |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; |
| id.enabled |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; |
| id.persistent |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; |
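Review bot: The new guard on the `+` line makes a namespace without an endurance group report FDP as unsupported, but nothing in the hunk says that `ns->endgrp` can legitimately be NULL, so a later reader may take the check for a redundant defensive test; add `/* endgrp is NULL unless the namespace was placed in an endurance group; FDP is then unavailable, not an error */` above it. The same `ns->endgrp->fdp.enabled` dereference presumably recurs in the other directive handlers of this switch and in the send-side counterpart, which are outside the hunk; confirm they carry an equivalent NULL check or are only reachable once FDP is enabled. Where `ns` itself is resolved from the request is also outside the hunk, so whether `ns` can be NULL at this point cannot be judged from this view. nvme_directive_receive starts before and ends after this hunk.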
| -- |
| 2.42.0 |
| |