File CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch of Package xen.openSUSE_Leap_42.3_Update
References: bsc#1005005 CVE-2016-8669
16550A UART device uses an oscillator to generate frequencies
(baud base), which decide communication speed. This speed could
be changed by dividing it by a divider. If the divider is
greater than the baud base, speed is set to zero, leading to a
divide by zero error. Add check to avoid it.
Reported-by: Huawei PSIRT <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
hw/char/serial.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Update per
-> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html
Index: xen-4.7.0-testing/tools/qemu-xen-traditional-dir-remote/hw/serial.c
===================================================================
--- xen-4.7.0-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/serial.c
+++ xen-4.7.0-testing/tools/qemu-xen-traditional-dir-remote/hw/serial.c
@@ -227,8 +227,9 @@ static void serial_update_parameters(Ser
int speed, parity, data_bits, stop_bits, frame_size;
QEMUSerialSetParams ssp;
- if (s->divider == 0)
+ if (s->divider == 0 || s->divider > s->baudbase) {
return;
+ }
frame_size = 1;
if (s->lcr & 0x08) {