[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [Qemu-block] [QEMU-SECURITY] ide: fix assertion in ide_
From: |
P J P |
Subject: |
Re: [Qemu-devel] [Qemu-block] [QEMU-SECURITY] ide: fix assertion in ide_dma_cb() to prevent qemu DoS from quest |
Date: |
Tue, 16 Jul 2019 21:48:20 +0530 (IST) |
+-- On Tue, 16 Jul 2019, John Snow wrote --+
| I also feel that a privileged DOS by a guest of a legacy device is actually
| low priority security-wise, unless we can demonstrate that there are side
| effects that can be exploited.
Right, we are not treating this as a CVE issue as is. Privileged guest user
has many ways to cause similar DoS effect, without triggering this assert(3).
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F