A vulnerability of WindowsGuestDrivers

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

* A vulnerability of WindowsGuestDrivers
@ 2015-08-04  7:05 security
  2015-08-04  8:40 ` Petr Matousek
  2015-08-04  9:25 ` Yan Vugenfirer
  0 siblings, 2 replies; 3+ messages in thread
From: security @ 2015-08-04  7:05 UTC (permalink / raw)
  To: kvm

Hi team,
   One of our whitehats has just reported an vulnerability to us. It is an
integer overflow problem of KVM WindowsGuestDrivers of VirtIO (Path:
kvm-guest-drivers-windows/NetKVM/DebugTools/VirtioConsoleSimulation/).
   We don't know where to report this vulnerability to, so could you tell us
how and to whom can we report it. Thanks!
Best regards.
Aliyun-Yundun-Xianzhi (http://xianzhi.aliyun.com/)

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: A vulnerability of WindowsGuestDrivers
  2015-08-04  7:05 A vulnerability of WindowsGuestDrivers security
@ 2015-08-04  8:40 ` Petr Matousek
  2015-08-04  9:25 ` Yan Vugenfirer
  1 sibling, 0 replies; 3+ messages in thread
From: Petr Matousek @ 2015-08-04  8:40 UTC (permalink / raw)
  To: security; +Cc: kvm, Yan Vugenfirer

Hi Aliyun,

On Tue, Aug 04, 2015 at 03:05:50PM +0800, security wrote:
>    One of our whitehats has just reported an vulnerability to us. It is an
> integer overflow problem of KVM WindowsGuestDrivers of VirtIO (Path:
> kvm-guest-drivers-windows/NetKVM/DebugTools/VirtioConsoleSimulation/).
>    We don't know where to report this vulnerability to, so could you tell us
> how and to whom can we report it. Thanks!

please report it directly to Yan Vugenfirer (CC'ed). Ideally also CC
secalert@redhat.com -- we will take care of CVE assignment and
coordination with other vendors in case the reported issue is important
enough that it warrants an embargo period.

Thanks,
-- 
Petr Matousek / Red Hat Product Security
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: A vulnerability of WindowsGuestDrivers
  2015-08-04  7:05 A vulnerability of WindowsGuestDrivers security
  2015-08-04  8:40 ` Petr Matousek
@ 2015-08-04  9:25 ` Yan Vugenfirer
  1 sibling, 0 replies; 3+ messages in thread
From: Yan Vugenfirer @ 2015-08-04  9:25 UTC (permalink / raw)
  To: security; +Cc: kvm

Hi,

Thank you for reaching out.

Please send the report to me. 

But to be clear on the indicated path  - kvm-guest-drivers-windows/NetKVM/DebugTools/VirtioConsoleSimulation/ - this is not part of the actual production code or part of the code that runs in kernel. It is a legacy simulator that was used to debug virtio library and it’s code loosely based on virtio-lib, outdated and not used in production.
Please send the report anyway so I could evaluate if it related to existing production code as well..

Thank you vey much,
Yan Vugenfirer.

> On Aug 4, 2015, at 10:05 AM, security <security@service.alibaba.com> wrote:
> 
> Hi team,
>   One of our whitehats has just reported an vulnerability to us. It is an
> integer overflow problem of KVM WindowsGuestDrivers of VirtIO (Path:
> kvm-guest-drivers-windows/NetKVM/DebugTools/VirtioConsoleSimulation/).
>   We don't know where to report this vulnerability to, so could you tell us
> how and to whom can we report it. Thanks!
> Best regards.
> Aliyun-Yundun-Xianzhi (http://xianzhi.aliyun.com/)
> 
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-08-04  9:25 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-08-04  7:05 A vulnerability of WindowsGuestDrivers security
2015-08-04  8:40 ` Petr Matousek
2015-08-04  9:25 ` Yan Vugenfirer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox