Re: [PATCH] acpi: validate hotplug selector on access
From: Michael S. Tsirkin
Subject: Re: [PATCH] acpi: validate hotplug selector on access
Date: Wed, 22 Dec 2021 15:19:56 -0500

On Wed, Dec 22, 2021 at 08:19:41PM +0100, Philippe Mathieu-Daudé wrote:
> +Mauro & Alex
>
> On 12/21/21 15:48, Michael S. Tsirkin wrote:
> > When bus is looked up on a pci write, we didn't
> > validate that the lookup succeeded.
> > Fuzzers thus can trigger QEMU crash by dereferencing the NULL
> > bus pointer.
> >
> > Fixes: b32bd763a1 ("pci: introduce acpi-index property for PCI device")
> > Cc: "Igor Mammedov" <imammedo@redhat.com>
> > Fixes: https://gitlab.com/qemu-project/qemu/-/issues/770
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>
> It seems this problem is important enough to get a CVE assigned.
Guest root can crash guest.
I don't see why we would assign a CVE.
> Mauro, please update us when you get the CVE number.
> Michael, please amend the CVE number before committing the fix.
>
> FWIW Paolo asked every fuzzed bug reproducer to be committed
> as qtest, see tests/qtest/fuzz*c. Alex has a way to generate
> reproducer in plain C.
>
> Regards,
>
> Phil.