[Qemu-devel] exec: Respect as_tranlsate_internal length clamp
From: Alexey Kardashevskiy
Subject: [Qemu-devel] exec: Respect as_tranlsate_internal length clamp
Date: Mon, 27 Feb 2017 16:53:48 +1100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
Hi!
I was asked to backport a fix for a CVE to one of our powerkvm products.
This one:
https://exchange.xforce.ibmcloud.com/vulnerabilities/111187
===
qemu-cve20158817-dos (111187) reported Mar 1, 2016
Qemu, built to use address_space_translate to map an address to a
MemoryRegionSection, is vulnerable to a denial of service, when doing
pci_dma_read/write calls. A remote authenticated attacker from within the
local network could exploit this vulnerability to cause the guest instance
to crash.
===
There is a link to this one [1]:
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459
Which was reverted with a sensible explanation [2]:
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=4025446f0ac6213335c22ec43f3c3d8362ce7286
However it is still in the tree as [3]:
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
The only difference between [1] and [3] is a fixed typo in the subject,
other than that they are identical.
Is the explanation from [2] no longer correct, and [3] is the correct final
fix? Or should [3] not be in the tree at all?
Thanks!
--
Alexey