From: "Michael S. Tsirkin" <mst@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Petr Matousek <pmatouse@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
qemu-stable <qemu-stable@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues
Date: Wed, 4 Dec 2013 13:01:20 +0200 [thread overview]
Message-ID: <20131204110120.GA9216@redhat.com> (raw)
In-Reply-To: <CAFEAcA-ZJ1RSOQAdP5+-VmFtMXfKhC+u7LE4iCG3hVZ9F=TMoQ@mail.gmail.com>
On Tue, Dec 03, 2013 at 06:24:24PM +0000, Peter Maydell wrote:
> On 3 December 2013 16:28, Michael S. Tsirkin <mst@redhat.com> wrote:
> > For example:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=588133#c8
> > https://bugzilla.redhat.com/show_bug.cgi?id=588133#c9
>
> I get "not authorized" errors on both of those.
Oh, sorry :(
You'll have to take my word on it that what happened there
was that a bug reporter saved state and suggested that
developer attempt to load it to reproduce the bug.
> > This patchset is the result of that audit: it addresses this set of
> > security issues by adding input validation and failing migration on
> > invalid input.
>
> I notice that some but not all of these patches have CVE numbers
> in the commit messages -- what's the distinction that meant some
> of them get CVEs and some don't?
>
> thanks
> -- PMM
The one that does not have a CVE is 23/23, this is
a NULL pointer dereference on invalid input, which
is not nice but probably not exploitable.
--
MST
prev parent reply other threads:[~2013-12-04 10:58 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-03 16:28 [Qemu-devel] [PATCH 00/23] qemu state loading issues Michael S. Tsirkin
2013-12-03 16:28 ` [Qemu-devel] [PATCH 01/23] virtio-net: fix buffer overflow on invalid state load Michael S. Tsirkin
2013-12-03 18:47 ` Peter Maydell
2013-12-03 16:28 ` [Qemu-devel] [PATCH 02/23] virtio-net: out-of-bounds buffer write on load Michael S. Tsirkin
2013-12-03 19:25 ` Peter Maydell
2013-12-03 16:28 ` [Qemu-devel] [PATCH 03/23] virtio-net: out-of-bounds buffer write on invalid state load Michael S. Tsirkin
2013-12-03 16:28 ` [Qemu-devel] [PATCH 04/23] virtio: " Michael S. Tsirkin
2013-12-03 16:28 ` [Qemu-devel] [PATCH 05/23] ahci: fix buffer overrun " Michael S. Tsirkin
2013-12-03 16:28 ` [Qemu-devel] [PATCH 06/23] hpet: " Michael S. Tsirkin
2013-12-03 18:39 ` Peter Maydell
2013-12-03 16:28 ` [Qemu-devel] [PATCH 07/23] hw/pci/pcie_aer.c: fix buffer overruns " Michael S. Tsirkin
2013-12-03 18:30 ` Peter Maydell
2013-12-03 20:41 ` Michael S. Tsirkin
2013-12-03 20:59 ` Peter Maydell
2013-12-03 21:19 ` Eric Blake
2013-12-03 21:25 ` Peter Maydell
2013-12-04 8:40 ` Michael S. Tsirkin
2013-12-03 16:28 ` [Qemu-devel] [PATCH 08/23] pl022: fix buffer overun " Michael S. Tsirkin
2013-12-03 16:28 ` [Qemu-devel] [PATCH 09/23] target-arm/machine.c: fix buffer overflow " Michael S. Tsirkin
2013-12-03 17:16 ` Peter Maydell
2013-12-03 16:28 ` [Qemu-devel] [PATCH 10/23] stellaris_enet: avoid buffer overrun on incoming migration Michael S. Tsirkin
2013-12-03 20:23 ` Peter Maydell
2013-12-03 16:28 ` [Qemu-devel] [PATCH 11/23] stellaris_enet: avoid buffer overrun on incoming migration (part 2) Michael S. Tsirkin
2013-12-03 18:36 ` Peter Maydell
2013-12-03 20:19 ` Peter Maydell
2013-12-03 16:28 ` [Qemu-devel] [PATCH 12/23] stellaris_enet: avoid buffer orerrun on incoming migration (part 3) Michael S. Tsirkin
2013-12-03 20:22 ` Peter Maydell
2013-12-03 16:28 ` [Qemu-devel] [PATCH 13/23] virtio: avoid buffer overrun on incoming migration Michael S. Tsirkin
2013-12-03 16:28 ` [Qemu-devel] [PATCH 14/23] openpic: " Michael S. Tsirkin
2013-12-03 16:29 ` [Qemu-devel] [PATCH 15/23] pxa2xx: " Michael S. Tsirkin
2013-12-03 19:46 ` Don Koch
2013-12-03 20:56 ` Michael Roth
2013-12-03 19:48 ` Peter Maydell
2013-12-03 16:29 ` [Qemu-devel] [PATCH 16/23] virtio: validate num_sg when mapping Michael S. Tsirkin
2013-12-03 16:29 ` [Qemu-devel] [PATCH 17/23] ssi-sd: fix buffer overrun on invalid state load Michael S. Tsirkin
2013-12-03 16:29 ` [Qemu-devel] [PATCH 18/23] ssd0323: fix buffer overun " Michael S. Tsirkin
2013-12-03 19:30 ` Peter Maydell
2013-12-03 16:29 ` [Qemu-devel] [PATCH 19/23] tsc210x: fix buffer overrun " Michael S. Tsirkin
2014-03-06 19:41 ` Andreas Färber
2013-12-03 16:29 ` [Qemu-devel] [PATCH 20/23] zaurus: " Michael S. Tsirkin
2013-12-03 19:44 ` Peter Maydell
2013-12-03 16:29 ` [Qemu-devel] [PATCH 21/23] usb: sanity check setup_index+setup_len in post_load Michael S. Tsirkin
2013-12-03 16:29 ` [Qemu-devel] [PATCH 22/23] virtio-scsi: fix buffer overrun on invalid state load Michael S. Tsirkin
2013-12-03 18:19 ` Peter Maydell
2013-12-03 19:24 ` Paolo Bonzini
2014-03-06 18:30 ` Andreas Färber
2014-03-06 18:36 ` Michael S. Tsirkin
2014-03-06 19:40 ` Paolo Bonzini
2014-03-06 19:43 ` Peter Maydell
2013-12-03 16:29 ` [Qemu-devel] [PATCH 23/23] savevm: fix potential segfault on invalid state Michael S. Tsirkin
2014-03-06 18:24 ` Andreas Färber
2013-12-03 18:24 ` [Qemu-devel] [PATCH 00/23] qemu state loading issues Peter Maydell
2013-12-04 11:01 ` Michael S. Tsirkin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131204110120.GA9216@redhat.com \
--to=mst@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=pmatouse@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).