From: Eduardo Habkost <ehabkost@raisama.net>
To: Eduardo Pereira Habkost <ehabkost@redhat.com>
Cc: qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block device address range checking
Date: Thu, 19 Feb 2009 18:40:48 -0300 [thread overview]
Message-ID: <1235079502-sup-3182@blackpad> (raw)
In-Reply-To: <1235078376-25559-5-git-send-email-ehabkost@redhat.com>
Excerpts from Eduardo Pereira Habkost's message of Qui Fev 19 18:19:36 -0300 2009:
> From: Aurelien Jarno <aurel32>
Oops. The line above wasn't supposed to be there. Author info on my git
repository got messed when I've squashed two patches.
>
> This is based on an old patch commited by Aurelien Jarno whose commit
> message was:
>
> Fix CVE-2008-0928 - insufficient block device address range checking
>
> Qemu 0.9.1 and earlier does not perform range checks for block device
> read or write requests, which allows guest host users with root
> privileges to access arbitrary memory and escape the virtual machine.
>
> In addition to the changes done by the previous patch, this patch changes
> total_sectors to total_bytes, so that the range checking works for
> backing devices that are not sector-based (for example, when block-qcow
> is reading the backing file). This was done to avoid bugs such as:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=485148
>
> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
--
Eduardo
next prev parent reply other threads:[~2009-02-19 21:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-19 21:19 [Qemu-devel] [PATCH 0/4] CVE-2008-0928 security fix Eduardo Habkost
2009-02-19 21:19 ` [Qemu-devel] [PATCH 1/4] vmdk: check for negative sector nums also Eduardo Habkost
2009-02-19 21:44 ` Stefan Weil
2009-02-19 21:56 ` Eduardo Habkost
2009-02-19 21:19 ` [Qemu-devel] [PATCH 2/4] hw/sd.c: remove ununsed SECTOR_SIZE define Eduardo Habkost
2009-02-19 21:19 ` [Qemu-devel] [PATCH 3/4] Move SECTOR_BITS/SECTOR_SIZE to block.h Eduardo Habkost
2009-02-19 21:19 ` [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block device address range checking Eduardo Habkost
2009-02-19 21:40 ` Eduardo Habkost [this message]
2009-02-19 22:21 ` Aurelien Jarno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1235079502-sup-3182@blackpad \
--to=ehabkost@raisama.net \
--cc=ehabkost@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.