[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 0/4] migration: fix CVE-2014-7840
From: |
Amos Kong |
Subject: |
Re: [Qemu-devel] [PATCH 0/4] migration: fix CVE-2014-7840 |
Date: |
Tue, 9 Dec 2014 07:32:50 +0800 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Wed, Nov 12, 2014 at 11:44:35AM +0200, Michael S. Tsirkin wrote:
> This patchset fixes CVE-2014-7840: invalid
> migration stream can cause arbitrary qemu memory
> overwrite.
> First patch includes the minimal fix for the issue.
> Follow-up patches on top add extra checking to reduce the
> chance this kind of bug recurs.
>
> Note: these are already (tentatively-pending review)
> queued in my tree, so only review/ack
> is necessary.
>
> Michael S. Tsirkin (4):
Reviewed-by: Amos Kong <address@hidden>
> migration: fix parameter validation on ram load
> exec: add wrapper for host pointer access
> cpu: assert host pointer offset within block
> cpu: verify that block->host is set
>
> include/exec/cpu-all.h | 7 +++++++
> arch_init.c | 5 +++--
> exec.c | 10 +++++-----
> 3 files changed, 15 insertions(+), 7 deletions(-)
>
> --
> MST
>
--
Amos.
signature.asc
Description: Digital signature
- Re: [Qemu-devel] [PATCH 0/4] migration: fix CVE-2014-7840,
Amos Kong <=