[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH][XSA-126] xen: limit guest control of PCI comman
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH][XSA-126] xen: limit guest control of PCI command register |
Date: |
Thu, 9 Apr 2015 19:10:53 +0100 |
On 31 March 2015 at 15:18, Stefano Stabellini
<address@hidden> wrote:
> From: Jan Beulich <address@hidden>
>
> Otherwise the guest can abuse that control to cause e.g. PCIe
> Unsupported Request responses (by disabling memory and/or I/O decoding
> and subsequently causing [CPU side] accesses to the respective address
> ranges), which (depending on system configuration) may be fatal to the
> host.
>
> This is CVE-2015-2756 / XSA-126.
>
> Signed-off-by: Jan Beulich <address@hidden>
> Reviewed-by: Stefano Stabellini <address@hidden>
> Acked-by: Ian Campbell <address@hidden>
Oops, this one got lost. I'm going to commit it to qemu master tomorrow
(so it will go in -rc3), unless there are objections (I can't
really tell from the thread what the conclusion of the discussion
was).
-- PMM
- Re: [Qemu-devel] [PATCH][XSA-126] xen: limit guest control of PCI command register,
Peter Maydell <=