From: Kevin Wolf <kwolf@redhat.com>
To: Jack Schwartz <jack.schwartz@oracle.com>
Cc: qemu-devel@nongnu.org, ehabkost@redhat.com,
konrad.wilk@oracle.com, daniel.kiper@oracle.com, mst@redhat.com,
pbonzini@redhat.com, rth@twiddle.net, ppandit@redhat.com,
qemu-stable@nongnu.org
Subject: [Qemu-devel] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup)
Date: Wed, 14 Mar 2018 18:23:51 +0100 [thread overview]
Message-ID: <20180314172351.GA4764@localhost.localdomain> (raw)
In-Reply-To: <1513877118-3149-1-git-send-email-jack.schwartz@oracle.com>
Am 21.12.2017 um 18:25 hat Jack Schwartz geschrieben:
> Properly account for the possibility of multiboot kernels with a zero
> bss_end_addr. The Multiboot Specification, section 3.1.3 allows for
> kernels without a bss section, by allowing a zeroed bss_end_addr multiboot
> header field.
>
> Do some cleanup to multiboot.c as well:
> - Remove some unused variables.
> - Use more intuitive header names when displaying fields in messages.
> - Change fprintf(stderr...) to error_report
[ Cc: qemu-stable ]
This series happens to fix CVE-2018-7550.
http://www.openwall.com/lists/oss-security/2018/03/08/4
Just a shame that we weren't told before merging it so that the
appropriate tags could have been set in the commit message (and all of
the problems could have been addressed; I'm going to send another
Multiboot series now).
Kevin
next prev parent reply other threads:[~2018-03-14 17:24 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-21 17:25 [Qemu-devel] [PATCH QEMU v1 0/4] multiboot: bss_end_addr can be zero / cleanup Jack Schwartz
2017-12-21 17:25 ` [Qemu-devel] [PATCH QEMU v1 1/4] multiboot: bss_end_addr can be zero Jack Schwartz
2018-03-07 7:18 ` P J P
2017-12-21 17:25 ` [Qemu-devel] [PATCH QEMU v1 2/4] multiboot: Remove unused variables from multiboot.c Jack Schwartz
2018-03-07 7:20 ` P J P
2017-12-21 17:25 ` [Qemu-devel] [PATCH QEMU v1 3/4] multiboot: Use header names when displaying fields Jack Schwartz
2018-03-07 7:25 ` P J P
2017-12-21 17:25 ` [Qemu-devel] [PATCH QEMU v1 4/4] multiboot: fprintf(stderr...) -> error_report() Jack Schwartz
2018-03-07 7:40 ` P J P
2018-01-12 18:28 ` [Qemu-devel] ping: Re: [PATCH QEMU v1 0/4] multiboot: bss_end_addr can be zero / cleanup Jack Schwartz
2018-01-15 15:54 ` [Qemu-devel] " Kevin Wolf
2018-01-17 20:06 ` Jack Schwartz
2018-01-18 11:35 ` Kevin Wolf
2018-01-18 13:03 ` Daniel P. Berrange
2018-01-19 18:36 ` Anatol Pomozov
2018-01-20 0:18 ` Jack Schwartz
2018-01-22 9:57 ` Daniel P. Berrange
2018-03-02 19:32 ` Jack Schwartz
2018-03-05 8:13 ` Kevin Wolf
2018-03-07 1:52 ` Jack Schwartz
2018-03-07 11:14 ` Kevin Wolf
2018-03-14 17:23 ` Kevin Wolf [this message]
2018-03-14 17:35 ` [Qemu-devel] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup) Konrad Rzeszutek Wilk
2018-03-14 18:01 ` Kevin Wolf
2018-03-15 6:13 ` P J P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180314172351.GA4764@localhost.localdomain \
--to=kwolf@redhat.com \
--cc=daniel.kiper@oracle.com \
--cc=ehabkost@redhat.com \
--cc=jack.schwartz@oracle.com \
--cc=konrad.wilk@oracle.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).