[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1880332] Re: Possible regression in QEMU 5.0.0 after CVE-2020-10702
From: |
Laurent Vivier |
Subject: |
[Bug 1880332] Re: Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation fault) |
Date: |
Mon, 25 May 2020 14:41:29 -0000 |
** Tags added: linux-user
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880332
Title:
Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation
fault)
Status in QEMU:
New
Bug description:
I've come across a very specific situation, but I'm sure it could be
replicated in other cases.
In QEMU 5.0.0 when I use user emulation with a cURL binary for aarch64
and connect to a server using TLS 1.2 and ECDHE-ECDSA-
CHACHA20-POLY1305 cypher a segmentation fault occurs.
I attach a Dockerfile that reproduces this crash and the strace output
with and without the de0b1bae6461f67243282555475f88b2384a1eb9 commit
reverted.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880332/+subscriptions