Re: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma()

From:	Philippe Mathieu-Daudé
Subject:	Re: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c
Date:	Wed, 24 Mar 2021 18:28:41 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0

On 3/24/21 4:53 PM, Alexander Bulekov wrote:
> Hi,
> I can still trigger stack-overflows, heap-UAFs and heap-overflows in the
> code, but Mark's patches fixed some of the issues. I didn't want to
> flood the issue-tracker with further problems in this code, since it
> isn't clear what the security expectations are for this device. Of
> course it is only a matter of time until someone sends more reports to
> qemu-security.

I'd expect qemu-security to have a template "Thank you for your bug
but this device is not within the 'security' boundary, we will forward
your report to the community".

> 
> Mark, do you want me to provide more reproducers for this device?

Surely Mark prefers you provide bugfixes instead :D

Phil.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Alexander Bulekov, 2021/03/14
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Mauro Matteo Cascella, 2021/03/15
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Mauro Matteo Cascella, 2021/03/15
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Mauro Matteo Cascella, 2021/03/15
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Alexander Bulekov, 2021/03/15
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Mark Cave-Ayland, 2021/03/17
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, P J P, 2021/03/24
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Mark Cave-Ayland, 2021/03/24
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Mauro Matteo Cascella, 2021/03/24
  - Re: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Alexander Bulekov, 2021/03/24
    - Re: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Philippe Mathieu-Daudé <=
- [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c, Mark Cave-Ayland, 2021/03/25
  - [Bug 1909247] [PATCH] tests/qtest: add more tests for am53c974 device, Alexander Bulekov, 2021/03/28

Prev by Date: Re: [PATCH v2 05/12] mc146818rtc: put it into the 'misc' category
Next by Date: Re: [PATCH v1 1/3] migration: Fix missing qemu_fflush() on buffer file in bg_migration_thread
Previous by thread: Re: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c
Next by thread: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c
Index(es):
- Date
- Thread