qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [QEMU-SECURITY] [PATCH 1/6] net: introduce qemu_receive_packet()


From: Alexander Bulekov
Subject: Re: [QEMU-SECURITY] [PATCH 1/6] net: introduce qemu_receive_packet()
Date: Fri, 26 Feb 2021 13:53:20 -0500

On 210226 1814, P J P wrote:
> Hello Alex,
> 
> On Thursday, 25 February, 2021, 10:00:33 pm IST, Alexander Bulekov 
> <alxndr@bu.edu> wrote: 
> On 210225 1128, Alexander Bulekov wrote:
> > On 210225 1931, P J P wrote:
> > > +-- On Wed, 24 Feb 2021, Philippe Mathieu-Daudé wrote --+
> > > | On 2/24/21 2:17 PM, Jason Wang wrote:
> > > | > On 2021/2/24 6:11 下午, Philippe Mathieu-Daudé wrote:
> > > | >> IIUC the guest could trigger an infinite loop and brick the emulated 
> > > | >> device model. Likely exhausting the stack, so either SEGV by 
> > > corruption 
> > > | >> or some ENOMEM?
> > > | > 
> > > | > Yes.
> > > | >>
> > > | >> Since this is guest triggerable, shouldn't we contact qemu-security@ 
> > > list 
> > > | >> and ask for a CVE for this issue, so distributions can track the 
> > > patches 
> > > | >> to backport in their stable releases? (it seems to be within the KVM 
> > > | >> devices boundary).
> > > | > 
> > > | > 
> > > | > That's the plan. I discussed this with Prasad before and he promise to
> > > | > ask CVE for this.
> > > 
> > > 'CVE-2021-3416' is assigned to this issue by Red Hat Inc.
> >
> > What is the difference with CVE-2021-20255 and CVE-2021-20257 ? Aren't
> > those just manifestations of this bug for the e1000 and the eepro100
> > devices
> 
> * You mean manifestations of the dam re-entrancy issue? 
> 

Ah I got confused - those other CVEs don't seem to be related to
loopback.
-Alex

> * They have separate CVEs because they are fixed individually.
> 
> 
> Thank you.
> ---
>   -P J P
> http://feedmug.com



reply via email to

[Prev in Thread] Current Thread [Next in Thread]