[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196 |
Date: |
Thu, 16 Dec 2021 10:54:16 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0 |
On 12/10/21 14:42, Kevin Wolf wrote:
> Am 24.11.2021 um 17:15 hat Philippe Mathieu-Daudé geschrieben:
>> Since v3:
>> - Preliminary extract blk_create_empty_drive()
>> - qtest checks qtest_check_clang_sanitizer() enabled
>> - qtest uses null-co:// driver instead of file
>>
>> Philippe Mathieu-Daudé (3):
>> hw/block/fdc: Extract blk_create_empty_drive()
>> hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
>> tests/qtest/fdc-test: Add a regression test for CVE-2021-20196
>
> If I may ask a meta question: No doubt that this is a bug and it's good
> that we fixed it, but why was it assigned a CVE?
No clue, I suppose this is audited and handled by qemu-security@ team
members. Cc'ing them.
> Any guest can legitimately shut down and we don't consider that a denial
> of service. This bug was essentially just another undocumented way for
> the guest kernel to shut down, as unprivileged users in the guest can't
> normally access the I/O ports of the floppy controller. I don't think we
> generally consider guests killing themselves a security problem as long
> as it requires kernel or root privileges in the guest.
Agreed.