[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 1/2] net: Provide MemReentrancyGuard * to qemu_new_nic()
From: |
Prasad Pandit |
Subject: |
Re: [PATCH v2 1/2] net: Provide MemReentrancyGuard * to qemu_new_nic() |
Date: |
Wed, 24 Apr 2024 10:41:26 +0000 (UTC) |
On Wednesday, 24 April, 2024 at 03:36:01 pm IST, Philippe Mathieu-Daudé wrote:
>On 1/6/23 05:18, Akihiko Odaki wrote:
>> Recently MemReentrancyGuard was added to DeviceState to record that the
>> device is engaging in I/O. The network device backend needs to update it
>> when delivering a packet to a device.
>>
>> In preparation for such a change, add MemReentrancyGuard * as a
>> parameter of qemu_new_nic().
>
>An user on IRC asked if this patch is related/fixing CVE-2021-20255,
>any clue?
* CVE-2021-20255 bug: infinite recursion is pointing at a different fix patch.
-> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20255
* And the this patch below has different issue tagged
-> https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08312.html
Fixes: CVE-2023-3019
* They look different, former is an infinite recursion issue and the latter is
a use-after-free one.
Thank you.
---
-Prasad