[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 0/1] uas: add stream number sanity checks (maybe 6.1)
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [PATCH 0/1] uas: add stream number sanity checks (maybe 6.1) |
Date: |
Fri, 20 Aug 2021 15:07:03 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 |
Cc'ing Mauro to double-check.
On 8/20/21 2:12 PM, Peter Maydell wrote:
> On Wed, 18 Aug 2021 at 13:10, Gerd Hoffmann <kraxel@redhat.com> wrote:
>>
>> Security fix. Sorry for the last-minute patch, I had completely
>> forgotten this one until the CVE number for it arrived today.
>>
>> Given that the classic usb storage device is way more popular than
>> the uas (usb attached scsi) device the impact should be pretty low
>> and we might consider to not screw up our release schedule for this.
>
> What's the impact if the bug is exploited ?
Bug class: "guest-triggered user-after-free".
Being privileged (root) in the guest, you can leak some data from
the host process then DoS the host or potentially exploit the
use-after-free to execute code on the host.