* A vulnerability of WindowsGuestDrivers
@ 2015-08-04 7:05 security
2015-08-04 8:40 ` Petr Matousek
2015-08-04 9:25 ` Yan Vugenfirer
0 siblings, 2 replies; 3+ messages in thread
From: security @ 2015-08-04 7:05 UTC (permalink / raw)
To: kvm
Hi team,
One of our whitehats has just reported an vulnerability to us. It is an
integer overflow problem of KVM WindowsGuestDrivers of VirtIO (Path:
kvm-guest-drivers-windows/NetKVM/DebugTools/VirtioConsoleSimulation/).
We don't know where to report this vulnerability to, so could you tell us
how and to whom can we report it. Thanks!
Best regards.
Aliyun-Yundun-Xianzhi (http://xianzhi.aliyun.com/)
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: A vulnerability of WindowsGuestDrivers
2015-08-04 7:05 A vulnerability of WindowsGuestDrivers security
@ 2015-08-04 8:40 ` Petr Matousek
2015-08-04 9:25 ` Yan Vugenfirer
1 sibling, 0 replies; 3+ messages in thread
From: Petr Matousek @ 2015-08-04 8:40 UTC (permalink / raw)
To: security; +Cc: kvm, Yan Vugenfirer
Hi Aliyun,
On Tue, Aug 04, 2015 at 03:05:50PM +0800, security wrote:
> One of our whitehats has just reported an vulnerability to us. It is an
> integer overflow problem of KVM WindowsGuestDrivers of VirtIO (Path:
> kvm-guest-drivers-windows/NetKVM/DebugTools/VirtioConsoleSimulation/).
> We don't know where to report this vulnerability to, so could you tell us
> how and to whom can we report it. Thanks!
please report it directly to Yan Vugenfirer (CC'ed). Ideally also CC
secalert@redhat.com -- we will take care of CVE assignment and
coordination with other vendors in case the reported issue is important
enough that it warrants an embargo period.
Thanks,
--
Petr Matousek / Red Hat Product Security
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3 D874 3E78 6F42 C449 77CA
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: A vulnerability of WindowsGuestDrivers
2015-08-04 7:05 A vulnerability of WindowsGuestDrivers security
2015-08-04 8:40 ` Petr Matousek
@ 2015-08-04 9:25 ` Yan Vugenfirer
1 sibling, 0 replies; 3+ messages in thread
From: Yan Vugenfirer @ 2015-08-04 9:25 UTC (permalink / raw)
To: security; +Cc: kvm
Hi,
Thank you for reaching out.
Please send the report to me.
But to be clear on the indicated path - kvm-guest-drivers-windows/NetKVM/DebugTools/VirtioConsoleSimulation/ - this is not part of the actual production code or part of the code that runs in kernel. It is a legacy simulator that was used to debug virtio library and it’s code loosely based on virtio-lib, outdated and not used in production.
Please send the report anyway so I could evaluate if it related to existing production code as well..
Thank you vey much,
Yan Vugenfirer.
> On Aug 4, 2015, at 10:05 AM, security <security@service.alibaba.com> wrote:
>
> Hi team,
> One of our whitehats has just reported an vulnerability to us. It is an
> integer overflow problem of KVM WindowsGuestDrivers of VirtIO (Path:
> kvm-guest-drivers-windows/NetKVM/DebugTools/VirtioConsoleSimulation/).
> We don't know where to report this vulnerability to, so could you tell us
> how and to whom can we report it. Thanks!
> Best regards.
> Aliyun-Yundun-Xianzhi (http://xianzhi.aliyun.com/)
>
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-08-04 9:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-08-04 7:05 A vulnerability of WindowsGuestDrivers security
2015-08-04 8:40 ` Petr Matousek
2015-08-04 9:25 ` Yan Vugenfirer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox