Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues

From:	Michael S. Tsirkin
Subject:	Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues
Date:	Wed, 4 Dec 2013 13:01:20 +0200

On Tue, Dec 03, 2013 at 06:24:24PM +0000, Peter Maydell wrote:
> On 3 December 2013 16:28, Michael S. Tsirkin <address@hidden> wrote:
> >   For example:
> >
> >   https://bugzilla.redhat.com/show_bug.cgi?id=588133#c8
> >   https://bugzilla.redhat.com/show_bug.cgi?id=588133#c9
> 
> I get "not authorized" errors on both of those.

Oh, sorry :(
You'll have to take my word on it that what happened there
was that a bug reporter saved state and suggested that
developer attempt to load it to reproduce the bug.

> > This patchset is the result of that audit: it addresses this set of
> > security issues by adding input validation and failing migration on
> > invalid input.
> 
> I notice that some but not all of these patches have CVE numbers
> in the commit messages -- what's the distinction that meant some
> of them get CVEs and some don't?
> 
> thanks
> -- PMM

The one that does not have a CVE is 23/23, this is
a NULL pointer dereference on invalid input, which
is not nice but probably not exploitable.

-- 
MST

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 21/23] usb: sanity check setup_index+setup_len in post_load, (continued)
- [Qemu-devel] [PATCH 21/23] usb: sanity check setup_index+setup_len in post_load, Michael S. Tsirkin, 2013/12/03
- [Qemu-devel] [PATCH 11/23] stellaris_enet: avoid buffer overrun on incoming migration (part 2), Michael S. Tsirkin, 2013/12/03
  - Re: [Qemu-devel] [PATCH 11/23] stellaris_enet: avoid buffer overrun on incoming migration (part 2), Peter Maydell, 2013/12/03
  - Re: [Qemu-devel] [PATCH 11/23] stellaris_enet: avoid buffer overrun on incoming migration (part 2), Peter Maydell, 2013/12/03
- [Qemu-devel] [PATCH 23/23] savevm: fix potential segfault on invalid state, Michael S. Tsirkin, 2013/12/03
- [Qemu-devel] [PATCH 22/23] virtio-scsi: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2013/12/03
  - Re: [Qemu-devel] [PATCH 22/23] virtio-scsi: fix buffer overrun on invalid state load, Peter Maydell, 2013/12/03
    - Re: [Qemu-devel] [PATCH 22/23] virtio-scsi: fix buffer overrun on invalid state load, Paolo Bonzini, 2013/12/03
- [Qemu-devel] [PATCH 04/23] virtio: out-of-bounds buffer write on invalid state load, Michael S. Tsirkin, 2013/12/03
- Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues, Peter Maydell, 2013/12/03
  - Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues, Michael S. Tsirkin <=

Prev by Date: Re: [Qemu-devel] [RFC PATCH 03/21] target-arm: adjust TTBCR for TrustZone feature
Next by Date: Re: [Qemu-devel] [RFC PATCH 05/21] target-arm: add CPU Monitor mode
Previous by thread: Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues
Next by thread: Re: [Qemu-devel] [ANNOUNCE] QEMU 1.7.0-rc2 is now available
Index(es):
- Date
- Thread