|
From: | Jon Maloy |
Subject: | Re: [PATCH-for-6.2 0/2] hw/block/fdc: Fix CVE-2021-3507 |
Date: | Thu, 10 Mar 2022 12:53:18 -0500 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0 |
On 3/10/22 12:14, Thomas Huth wrote:
On 06/02/2022 20.19, Jon Maloy wrote:Trying again with correct email address. ///jon On 2/6/22 14:15, Jon Maloy wrote:On 1/27/22 15:14, Jon Maloy wrote:On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:Trivial fix for CVE-2021-3507. Philippe Mathieu-Daudé (2): hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) tests/qtest/fdc-test: Add a regression test for CVE-2021-3507 hw/block/fdc.c | 8 ++++++++ tests/qtest/fdc-test.c | 20 ++++++++++++++++++++ 2 files changed, 28 insertions(+)Series Acked-by: Jon Maloy <jmaloy@redhat.com>Philippe,I hear from other sources that you earlier have qualified this one as "incomplete". I am of course aware that this one, just like my own patch, is just a mitigation and not a complete correction of the erroneous calculation.Or did you have anything else in mind?Any news on this one? It would be nice to get the CVE fixed for 7.0 ? Thomas
The ball is currently with John Snow, as I understand it.The concern is that this fix may not take the driver back to a consistent state, so that we may have other problems later.
Maybe Philippe can chip in with a comment here? ///jon
[Prev in Thread] | Current Thread | [Next in Thread] |