Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196
From: Kevin Wolf
Subject: Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196
Date: Fri, 10 Dec 2021 14:42:53 +0100

On 24.11.2021 at 17:15, Philippe Mathieu-Daudé wrote:
> Since v3:
> - Preliminary extract blk_create_empty_drive()
> - qtest checks qtest_check_clang_sanitizer() enabled
> - qtest uses null-co:// driver instead of file
>
> Philippe Mathieu-Daudé (3):
> hw/block/fdc: Extract blk_create_empty_drive()
> hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
> tests/qtest/fdc-test: Add a regression test for CVE-2021-20196

If I may ask a meta question: No doubt that this is a bug and it's good
that we fixed it, but why was it assigned a CVE?

Any guest can legitimately shut down and we don't consider that a denial
of service. This bug was essentially just another undocumented way for
the guest kernel to shut down, as unprivileged users in the guest can't
normally access the I/O ports of the floppy controller. I don't think we
generally consider guests killing themselves a security problem as long
as it requires kernel or root privileges in the guest.

Kevin