From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59372)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1Yschu-0002bW-4C
	for qemu-devel@nongnu.org; Wed, 13 May 2015 15:52:43 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1Yschq-0006dw-E8
	for qemu-devel@nongnu.org; Wed, 13 May 2015 15:52:42 -0400
From: Markus Armbruster <armbru@redhat.com>
References: <1431527602-29889-1-git-send-email-jsnow@redhat.com>
	<55539D17.7010000@weilnetz.de> <55539EFA.6050605@profihost.ag>
	<5553A07E.6070608@weilnetz.de> <5553A17D.4090308@profihost.ag>
	<5553A651.3060508@kamp.de>
Date: Wed, 13 May 2015 21:52:34 +0200
In-Reply-To: <5553A651.3060508@kamp.de> (Peter Lieven's message of "Wed, 13
	May 2015 21:30:25 +0200")
Message-ID: <877fsccl19.fsf@blackfin.pond.sub.org>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [Qemu-devel] [Qemu-stable] [PATCH] fdc: force the fifo access
	to be in bounds of the allocated buffer
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Lieven <pl@kamp.de>
Cc: peter.maydell@linaro.org, Petr Matousek <pmatouse@redhat.com>, Stefan Priebe <s.priebe@profihost.ag>, Stefan Weil <sw@weilnetz.de>, qemu-stable@nongnu.org, qemu-devel@nongnu.org, John Snow <jsnow@redhat.com>

Peter Lieven <pl@kamp.de> writes:

> Am 13.05.2015 um 21:09 schrieb Stefan Priebe:
>> Am 13.05.2015 um 21:05 schrieb Stefan Weil:
>>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe:
>>>>
>>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil:
>>>>> Hi,
>>>>>
>>>>> I just noticed this patch because my provider told me that my KVM based
>>>>> server
>>>>> needs a reboot because of a CVE (see this German news:
>>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html)
>>>>>
>>>>
>>>> Isn't a live migration to a fixed version enough instead of a reboot?
>>>>
>>>> Stefan
>>>
>>> Good point. A live migration would be sufficient - if there are no bugs
>>> in QEMU's live migration.
>>
>> just migrating all our customer machines and wanted to be sure that
>> live migration is enough.
>
> Just to confirm: If Qemu is started with -nodefaults and there is no
> fdc configuration the system is not affected by this CVE?

Not true.  The FD controller is still there.  It has no drives attached
then, but is vulnerable all the same.