|
From: | Michael Tokarev |
Subject: | Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs |
Date: | Wed, 14 Feb 2024 18:53:43 +0300 |
User-agent: | Mozilla Thunderbird |
14.02.2024 17:54, Akihiko Odaki wrote:
On 2024/02/14 17:58, Michael Tokarev wrote:14.02.2024 08:13, Akihiko Odaki wrote:The guest may write NumVFs greater than TotalVFs and that can lead to buffer overflow in VF implementations.This seems to be stable-worthy (Cc'd), and maybe even CVE-worthy?Perhaps so. The scope of the bug is limited to emulated SR-IOV devices, and I think nobody use them except for development, but it may be still nice to have a CVE.Can anyone help assign a CVE? I don't know the procedure.
Heh. Usually I ask exactly the opposite question: how to avoid assigning a CVE# for a non-issue which they most likely think is a serious security bug? We've plenty of these in qemu, collecting dust for years... For example, for things like some actions by privileged guest process (or kernel) which leads to qemu dying with assertion failure, which, on a real HW, will cause hardware lockup. Nope, I don't remember how to request a CVE ;) /mjt
[Prev in Thread] | Current Thread | [Next in Thread] |