[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug 1863025] Re: Use-after-free after flush in TCG accelerator
|
From: |
Philippe Mathieu-Daudé |
|
Subject: |
Re: [Bug 1863025] Re: Use-after-free after flush in TCG accelerator |
|
Date: |
Thu, 31 Aug 2023 15:40:25 +0200 |
|
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.14.0 |
Hi Samuel,
On 31/8/23 14:48, Samuel Henrique wrote:
CVE-2020-24165 was assigned to this:
https://nvd.nist.gov/vuln/detail/CVE-2020-24165
I had no involvement in the assignment, posting here for reference only.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24165
QEMU 4.2.0 was released in 2019. The issue you report
has been fixed in commit 886cc68943 ("accel/tcg: fix race
in cpu_exec_step_atomic (bug 1863025)") which is included
in QEMU v5.0, released in April 2020, more than 3 years ago.
What do you expect us to do here? I'm not sure whether assigning
CVE for 3 years old code is a good use of engineering time.
Regards,
Phil.