From mboxrd@z Thu Jan 1 00:00:00 1970 From: Agostino Sarubbo Subject: KVM qemu-kvm "ext4_fill_flex_info()" Denial of Service Vulnerability Date: Tue, 10 Apr 2012 21:39:02 +0200 Message-ID: <1408491.C5D10St5kt@devil> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1999845.el2TNv9xiU"; micalg="pgp-sha512"; protocol="application/pgp-signature" Content-Transfer-Encoding: 7Bit To: kvm@vger.kernel.org Return-path: Received: from smtp.gentoo.org ([140.211.166.183]:47911 "EHLO smtp.gentoo.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754626Ab2DJTjK (ORCPT ); Tue, 10 Apr 2012 15:39:10 -0400 Received: from devil (localhost [127.0.0.1]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: ago) by smtp.gentoo.org (Postfix) with ESMTPSA id D253F1B4002 for ; Tue, 10 Apr 2012 19:39:09 +0000 (UTC) Sender: kvm-owner@vger.kernel.org List-ID: --nextPart1999845.el2TNv9xiU Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" Hi all. Yesterday, secunia has released an advisory about qemu-kvm. https://secunia.com/advisories/48645/ This seems to describe and 'old' kernel bug, but I don't know if there is a 'link' between the ext4 issue and kvm. Can you explain a bit this issue? Thanks in advance. -- Agostino Sarubbo ago -at- gentoo.org Gentoo/AMD64 Arch Security Liaison GPG: 0x7CD2DC5D --nextPart1999845.el2TNv9xiU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQEcBAABCgAGBQJPhIxWAAoJEOTDgjZ80txdU0MIAJvJdT3uc4UM2H1UG5oLP0kO w1I1BclFZBhBLbYmvLMeLNz+PWTspSeOXh1hCIsOw6I7TOEeQbuj2d95pLPVqhvR mRXp/Ztwm4hZgDqD11RHUEmnoTBkIHRil0S84wgWQy6CkiP3/kag1lF6kTyow7ap hh8Gm60DQE/GJHZFJb6Bapj3RF+NbfeOUYA8tdyXjk8Lk+JX3k4DyDPUtkWT7QNe dcxrzwjetCYRsddhUYucHB5S9CvwHmBWQblY/wLg91XrhzAJbZ63juUsUrUhZfmB 326bUHPE0e/53kNm3kQz5tS27XKblu0q3jfsf30u7eFBkNlZybRcUZPX+b85JUk= =IpSV -----END PGP SIGNATURE----- --nextPart1999845.el2TNv9xiU--