Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196

From:	Kevin Wolf
Subject:	Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196
Date:	Fri, 10 Dec 2021 14:42:53 +0100

Am 24.11.2021 um 17:15 hat Philippe Mathieu-Daudé geschrieben:
> Since v3:
> - Preliminary extract blk_create_empty_drive()
> - qtest checks qtest_check_clang_sanitizer() enabled
> - qtest uses null-co:// driver instead of file
> 
> Philippe Mathieu-Daudé (3):
>   hw/block/fdc: Extract blk_create_empty_drive()
>   hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
>   tests/qtest/fdc-test: Add a regression test for CVE-2021-20196

If I may ask a meta question: No doubt that this is a bug and it's good
that we fixed it, but why was it assigned a CVE?

Any guest can legitimately shut down and we don't consider that a denial
of service. This bug was essentially just another undocumented way for
the guest kernel to shut down, as unprivileged users in the guest can't
normally access the I/O ports of the floppy controller. I don't think we
generally consider guests killing themselves a security problem as long
as it requires kernel or root privileges in the guest.

Kevin

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196, Kevin Wolf <=
- Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196, Philippe Mathieu-Daudé, 2021/12/16

Prev by Date: Re: [PATCH 2/2] iotests/149: Skip on unsupported ciphers
Next by Date: Re: [RFC] block-backend: prevent dangling BDS pointer in blk_drain()
Previous by thread: Re: [PATCH 2/2] iotests/149: Skip on unsupported ciphers
Next by thread: Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196
Index(es):
- Date
- Thread