On Wednesday, 24 April, 2024 at 03:36:01 pm IST, Philippe Mathieu-Daudé wrote:
On 1/6/23 05:18, Akihiko Odaki wrote:
Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
In preparation for such a change, add MemReentrancyGuard * as a
parameter of qemu_new_nic().
An user on IRC asked if this patch is related/fixing CVE-2021-20255,
any clue?
* CVE-2021-20255 bug: infinite recursion is pointing at a different fix patch.
-> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20255
* And the this patch below has different issue tagged
-> https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08312.html
Fixes: CVE-2023-3019
* They look different, former is an infinite recursion issue and the latter is
a use-after-free one.