|
From: | Peter Lieven |
Subject: | Re: [Qemu-devel] [Qemu-stable] [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer |
Date: | Wed, 13 May 2015 22:02:07 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 |
Am 13.05.2015 um 21:52 schrieb Markus Armbruster: > Peter Lieven <address@hidden> writes: > >> Am 13.05.2015 um 21:09 schrieb Stefan Priebe: >>> Am 13.05.2015 um 21:05 schrieb Stefan Weil: >>>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe: >>>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil: >>>>>> Hi, >>>>>> >>>>>> I just noticed this patch because my provider told me that my KVM based >>>>>> server >>>>>> needs a reboot because of a CVE (see this German news: >>>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html) >>>>>> >>>>> Isn't a live migration to a fixed version enough instead of a reboot? >>>>> >>>>> Stefan >>>> Good point. A live migration would be sufficient - if there are no bugs >>>> in QEMU's live migration. >>> just migrating all our customer machines and wanted to be sure that >>> live migration is enough. >> Just to confirm: If Qemu is started with -nodefaults and there is no >> fdc configuration the system is not affected by this CVE? > Not true. The FD controller is still there. It has no drives attached > then, but is vulnerable all the same. Are you sure? With -nodefaults the hmp command 'info block' returns nothing and the guest sees no floppy drive. Without -nodefaults I indeed see floppy0 and I have /dev/fd0 in the guest respectively. Peter
[Prev in Thread] | Current Thread | [Next in Thread] |