qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 0/5] NBD: fix CVE-2024-7409 for 9.1

From: Eric Blake
Subject: [PULL 0/5] NBD: fix CVE-2024-7409 for 9.1
Date: Thu, 8 Aug 2024 16:53:38 -0500 
The following changes since commit 75c7f574035622798e9361a942bdfbb0af930f0e:

  Merge tag 'pull-hex-20240807' of https://github.com/quic/qemu into staging 
(2024-08-08 16:08:18 +1000)

are available in the Git repository at:

  https://repo.or.cz/qemu/ericb.git tags/pull-nbd-2024-08-08

for you to fetch changes up to 3e7ef738c8462c45043a1d39f702a0990406a3b3:

  nbd/server: CVE-2024-7409: Close stray clients at server-stop (2024-08-08 
16:34:04 -0500)

----------------------------------------------------------------
NBD patches for 2024-08-08

- plug CVE-2024-7409, a DoS attack exploiting nbd-server-stop

----------------------------------------------------------------
Eric Blake (5):
      nbd: Minor style and typo fixes
      nbd/server: Plumb in new args to nbd_client_add()
      nbd/server: CVE-2024-7409: Cap default max-connections to 100
      nbd/server: CVE-2024-7409: Drop non-negotiating clients
      nbd/server: CVE-2024-7409: Close stray clients at server-stop

 qapi/block-export.json         |  4 ++--
 include/block/nbd.h            | 18 +++++++++++++++-
 block/monitor/block-hmp-cmds.c |  3 ++-
 blockdev-nbd.c                 | 47 +++++++++++++++++++++++++++++++++++++++--
 nbd/server.c                   | 48 ++++++++++++++++++++++++++++++++++++++----
 qemu-nbd.c                     |  7 ++++--
 nbd/trace-events               |  1 +
 7 files changed, 116 insertions(+), 12 deletions(-)

-- 
2.46.0
reply via email to
[Prev in Thread] Current Thread [Next in Thread]