|
| From: | Markus Armbruster |
| Subject: | Re: [Qemu-stable] [Qemu-devel] [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer |
| Date: | Wed, 13 May 2015 21:52:34 +0200 |
| User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) |
Peter Lieven <address@hidden> writes: > Am 13.05.2015 um 21:09 schrieb Stefan Priebe: >> Am 13.05.2015 um 21:05 schrieb Stefan Weil: >>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe: >>>> >>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil: >>>>> Hi, >>>>> >>>>> I just noticed this patch because my provider told me that my KVM based >>>>> server >>>>> needs a reboot because of a CVE (see this German news: >>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html) >>>>> >>>> >>>> Isn't a live migration to a fixed version enough instead of a reboot? >>>> >>>> Stefan >>> >>> Good point. A live migration would be sufficient - if there are no bugs >>> in QEMU's live migration. >> >> just migrating all our customer machines and wanted to be sure that >> live migration is enough. > > Just to confirm: If Qemu is started with -nodefaults and there is no > fdc configuration the system is not affected by this CVE? Not true. The FD controller is still there. It has no drives attached then, but is vulnerable all the same.
| [Prev in Thread] | Current Thread | [Next in Thread] |