qemu-devel

Re: [PATCH-for-6.2 0/2] hw/block/fdc: Fix CVE-2021-3507


From: Kevin Wolf
Subject: Re: [PATCH-for-6.2 0/2] hw/block/fdc: Fix CVE-2021-3507
Date: Tue, 3 May 2022 11:59:15 +0200

On 23.03.2022 at 03:25, John Snow wrote:
> On Fri, Mar 18, 2022 at 2:50 PM Thomas Huth <thuth@redhat.com> wrote:
> >
> > On 10/03/2022 18.53, Jon Maloy wrote:
> > >
> > > On 3/10/22 12:14, Thomas Huth wrote:
> > >> On 06/02/2022 20.19, Jon Maloy wrote:
> > >>> Trying again with correct email address.
> > >>> ///jon
> > >>>
> > >>> On 2/6/22 14:15, Jon Maloy wrote:
> > >>>>
> > >>>>
> > >>>> On 1/27/22 15:14, Jon Maloy wrote:
> > >>>>>
> > >>>>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
> > >>>>>> Trivial fix for CVE-2021-3507.
> > >>>>>>
> > >>>>>> Philippe Mathieu-Daudé (2):
> > >>>>>>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
> > >>>>>>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
> > >>>>>>
> > >>>>>>   hw/block/fdc.c         |  8 ++++++++
> > >>>>>>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
> > >>>>>>   2 files changed, 28 insertions(+)
> > >>>>>>
> > >>>>> Series
> > >>>>> Acked-by: Jon Maloy <jmaloy@redhat.com>
> > >>>>
> > >>>> Philippe,
> > >>>> I hear from other sources that you earlier have qualified this one as
> > >>>> "incomplete".
> > >>>> I am of course aware that this one, just like my own patch, is just a
> > >>>> mitigation and not a complete correction of the erroneous calculation.
> > >>>> Or did you have anything else in mind?
> > >>
> > >> Any news on this one? It would be nice to get the CVE fixed for 7.0 ?
> > >>
> > >>  Thomas
> > >>
> > > The ball is currently with John Snow, as I understand it.
> > > The concern is that this fix may not take the driver back to a consistent
> > > state, so that we may have other problems later.
> > > Maybe Philippe can chip in with a comment here?
> >
> > John, Philippe, any ideas how to move this forward?
> >
> >   Thomas
> >
> 
> The ball is indeed in my court. I need to audit this properly and get
> the patch re-applied, and get tests passing.
> 
> As a personal favor: Could you please ping me on IRC tomorrow about
> this? (Well, later today, for you.)

Going through old patches... Is this one still open?

Kevin



