From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:57491) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VoA9W-0007zG-8v for qemu-devel@nongnu.org; Wed, 04 Dec 2013 05:58:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VoA9Q-0000PL-6S for qemu-devel@nongnu.org; Wed, 04 Dec 2013 05:57:58 -0500 Date: Wed, 4 Dec 2013 13:01:20 +0200 From: "Michael S. Tsirkin" Message-ID: <20131204110120.GA9216@redhat.com> References: <1386087086-3691-1-git-send-email-mst@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Peter Maydell Cc: Petr Matousek , QEMU Developers , qemu-stable On Tue, Dec 03, 2013 at 06:24:24PM +0000, Peter Maydell wrote: > On 3 December 2013 16:28, Michael S. Tsirkin wrote: > > For example: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=588133#c8 > > https://bugzilla.redhat.com/show_bug.cgi?id=588133#c9 > > I get "not authorized" errors on both of those. Oh, sorry :( You'll have to take my word on it that what happened there was that a bug reporter saved state and suggested that developer attempt to load it to reproduce the bug. > > This patchset is the result of that audit: it addresses this set of > > security issues by adding input validation and failing migration on > > invalid input. > > I notice that some but not all of these patches have CVE numbers > in the commit messages -- what's the distinction that meant some > of them get CVEs and some don't? > > thanks > -- PMM The one that does not have a CVE is 23/23, this is a NULL pointer dereference on invalid input, which is not nice but probably not exploitable. -- MST