[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH][XSA-126] xen: limit guest control of PCI comman
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH][XSA-126] xen: limit guest control of PCI command register |
Date: |
Fri, 10 Apr 2015 12:45:23 +0100 |
On 9 April 2015 at 19:10, Peter Maydell <address@hidden> wrote:
> On 31 March 2015 at 15:18, Stefano Stabellini
> <address@hidden> wrote:
>> From: Jan Beulich <address@hidden>
>>
>> Otherwise the guest can abuse that control to cause e.g. PCIe
>> Unsupported Request responses (by disabling memory and/or I/O decoding
>> and subsequently causing [CPU side] accesses to the respective address
>> ranges), which (depending on system configuration) may be fatal to the
>> host.
>>
>> This is CVE-2015-2756 / XSA-126.
>>
>> Signed-off-by: Jan Beulich <address@hidden>
>> Reviewed-by: Stefano Stabellini <address@hidden>
>> Acked-by: Ian Campbell <address@hidden>
>
> Oops, this one got lost. I'm going to commit it to qemu master tomorrow
> (so it will go in -rc3), unless there are objections (I can't
> really tell from the thread what the conclusion of the discussion
> was).
Committed.
-- PMM