Re: [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block devi
From: Eduardo Habkost
Subject: Re: [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block device address range checking
Date: Thu, 19 Feb 2009 18:40:48 -0300
User-agent: Sup/git
Excerpts from Eduardo Pereira Habkost's message of Qui Fev 19 18:19:36 -0300
2009:
> From: Aurelien Jarno <aurel32>
Oops. The line above wasn't supposed to be there. Author info on my git
repository got messed up when I squashed two patches.
>
> This is based on an old patch committed by Aurelien Jarno whose commit
> message was:
>
> Fix CVE-2008-0928 - insufficient block device address range checking
>
> Qemu 0.9.1 and earlier does not perform range checks for block device
> read or write requests, which allows guest host users with root
> privileges to access arbitrary memory and escape the virtual machine.
>
> In addition to the changes done by the previous patch, this patch changes
> total_sectors to total_bytes, so that the range checking works for
> backing devices that are not sector-based (for example, when block-qcow
> is reading the backing file). This was done to avoid bugs such as:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=485148
>
> Signed-off-by: Eduardo Habkost <address@hidden>
--
Eduardo
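
An added illustration of the byte-granular range check described in the commit message above; it is not code from the patch or from QEMU. The function names, the 512-byte sector size and the 1000-byte backing file are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512 /* assumed sector size for this sketch */

/* Hypothetical helper: 0 if [offset, offset+len) lies inside a device of
 * total_bytes bytes, -1 otherwise. Never computes offset + len, so a huge
 * guest-supplied value cannot wrap around and pass the check. */
static int check_byte_request(uint64_t total_bytes, int64_t offset, int64_t len)
{
    if (offset < 0 || len < 0)
        return -1;
    if ((uint64_t)offset > total_bytes)
        return -1;
    if ((uint64_t)len > total_bytes - (uint64_t)offset)
        return -1;
    return 0;
}

/* Sector requests are converted to bytes and share the same check. */
static int check_sector_request(uint64_t total_bytes, int64_t sector_num, int nb_sectors)
{
    if (sector_num < 0 || nb_sectors < 0 || sector_num > INT64_MAX / SECTOR_SIZE)
        return -1;
    return check_byte_request(total_bytes, sector_num * SECTOR_SIZE,
                              (int64_t)nb_sectors * SECTOR_SIZE);
}

/* For contrast: the limit is kept in whole sectors (rounded down). */
static int check_with_sector_limit(uint64_t total_sectors, int64_t offset, int64_t len)
{
    return check_byte_request(total_sectors * SECTOR_SIZE, offset, len);
}

int main(void)
{
    /* Constructed case: a backing file whose length is not sector-aligned. */
    uint64_t backing_bytes = 1000;
    printf("byte limit, read 600+100:   %d\n", check_byte_request(backing_bytes, 600, 100));
    printf("sector limit, read 600+100: %d\n",
           check_with_sector_limit(backing_bytes / SECTOR_SIZE, 600, 100));
    printf("byte limit, read 900+200:   %d\n", check_byte_request(backing_bytes, 900, 200));
    return 0;
}
```

With the limit held in sectors, the valid read at offset 600 is rejected because 1000 bytes rounds down to one sector; with the limit held in bytes it is accepted, and the read that runs past the end is still refused.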