Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs
From: Michael Tokarev
Subject: Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs
Date: Wed, 14 Feb 2024 18:53:43 +0300
User-agent: Mozilla Thunderbird

14.02.2024 17:54, Akihiko Odaki wrote:
> On 2024/02/14 17:58, Michael Tokarev wrote:
>> 14.02.2024 08:13, Akihiko Odaki wrote:
>>> The guest may write NumVFs greater than TotalVFs and that can lead
>>> to buffer overflow in VF implementations.
>>
>> This seems to be stable-worthy (Cc'd), and maybe even CVE-worthy?
>
> Perhaps so. The scope of the bug is limited to emulated SR-IOV devices, and I think nobody uses them except for development, but it may still be nice
> to have a CVE.
>
> Can anyone help assign a CVE? I don't know the procedure.

Heh. Usually I ask exactly the opposite question: how to avoid assigning
a CVE# for a non-issue which they most likely think is a serious security
bug? We've plenty of these in qemu, collecting dust for years... For
example, for things like some actions by privileged guest process (or kernel)
which leads to qemu dying with assertion failure, which, on a real HW, will
cause hardware lockup.
Nope, I don't remember how to request a CVE ;)
/mjt