|
From: | Jason Wang |
Subject: | Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing packets |
Date: | Fri, 30 Nov 2018 21:04:30 +0800 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 |
On 2018/11/30 下午5:18, P J P wrote:
+-- On Thu, 29 Nov 2018, Eric Blake wrote --+ | How important is this for 3.1? We've missed -rc3. Is this CVE quality | because of a guest being able to cause mayhem by intentionally getting into | this condition (in which case, we need it, as well as a CVE assigned)?
Yes, malicious guest can do this, but only with some specific setup e.g with hubports.
Is it | pre-existing in 3.0 at which point waiting for 4.0 is no worse off than what | we already are? It is a revised patch to fix 'CVE-2018-17963' issue. Earlier patch was included in -rc0. $ git tag --contains 1592a9947036d60dde5404204a5d45975133caf5 v3.1.0-rc0 v3.1.0-rc1 v3.1.0-rc2 v3.1.0-rc3 Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Yes, it could be treated as a follow up fixes for CVE-2018-17963. I think we need this.
Thanks
[Prev in Thread] | Current Thread | [Next in Thread] |