Re: [Qemu-devel] [PATCH] usb: fix serial generator
From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH] usb: fix serial generator
Date: Wed, 05 Oct 2016 16:32:41 +0200
Hi,
> > Problem is that usb_desc_create_serial didn't perform that check, so a
> > loooong path string (can happen with deep pci-bridge nesting) results in
> > the third snprintf call smashing the stack.
>
> Is this exploitable enough to need a CVE?
It isn't guest-triggerable. Also it needs a pretty unusual config to
happen (pci-bridges nested so deep that lspci -t inside the guest
crashes). So I'd rate it pretty low on the severity scale.
> > Fix this by throwing out all the snpintf calls and use g_strdup_printf
>
> s/snpintf/snprintf/
Fixed.
cheers,
Gerd
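
The failure mode discussed in this message, as an added example (not part of the e-mail and not QEMU's code): assuming the builder chains snprintf calls and advances its write offset by each return value, a long path pushes the offset past the end of a fixed buffer and the size argument of the next call wraps, while allocating the result avoids the arithmetic entirely. The 64-byte size, the function names and the sample path are constructed for illustration; dup_printf is a portable stand-in for g_strdup_printf.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SERIAL_CAP 64   /* constructed fixed-buffer size for the demo */

/* Offset a chained-snprintf builder would pass to its third call. Assumes
 * strlen(base) < SERIAL_CAP; the second call truncates safely here, but it
 * still returns the untruncated length, so pos can exceed SERIAL_CAP. */
static int offset_after_two_appends(const char *base, const char *path)
{
    char buf[SERIAL_CAP];
    int pos = snprintf(buf, sizeof(buf), "%s", base);
    pos += snprintf(buf + pos, sizeof(buf) - (size_t)pos, "-%s", path);
    return pos;
}

/* Size argument the third call would receive: wraps once pos > SERIAL_CAP. */
static size_t remaining_unchecked(int pos) { return (size_t)SERIAL_CAP - (size_t)pos; }

/* Portable stand-in for g_strdup_printf: measure first, then allocate exactly. */
static char *dup_printf(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *s = (n < 0) ? NULL : malloc((size_t)n + 1);
    if (s) vsnprintf(s, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return s;
}

/* Hypothetical serial builder: no fixed buffer, so no offset to get wrong. */
static char *make_serial(const char *base, const char *path, const char *port)
{
    return path ? dup_printf("%s-%s-%s", base, path, port)
                : dup_printf("%s-%s", base, port);
}

int main(void)
{
    char path[101] = {0};
    memset(path, 'a', 100);   /* constructed 100-character device path */
    int pos = offset_after_two_appends("42", path);
    char *s = make_serial("42", path, "1");
    printf("offset=%d remaining=%zu len=%zu\n", pos, remaining_unchecked(pos), s ? strlen(s) : (size_t)0);
    free(s);
}
```

The caller owns the string returned by make_serial and frees it, as with g_strdup_printf and g_free.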