[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues

From: Michael S. Tsirkin
Subject: Re: [Qemu-devel] [PATCH 00/23] qemu state loading issues
Date: Wed, 4 Dec 2013 13:01:20 +0200

On Tue, Dec 03, 2013 at 06:24:24PM +0000, Peter Maydell wrote:
> On 3 December 2013 16:28, Michael S. Tsirkin <address@hidden> wrote:
> >   For example:
> >
> >   https://bugzilla.redhat.com/show_bug.cgi?id=588133#c8
> >   https://bugzilla.redhat.com/show_bug.cgi?id=588133#c9
> I get "not authorized" errors on both of those.

Oh, sorry :(
You'll have to take my word on it that what happened there
was that a bug reporter saved state and suggested that
developer attempt to load it to reproduce the bug.

> > This patchset is the result of that audit: it addresses this set of
> > security issues by adding input validation and failing migration on
> > invalid input.
> I notice that some but not all of these patches have CVE numbers
> in the commit messages -- what's the distinction that meant some
> of them get CVEs and some don't?
> thanks
> -- PMM

The one that does not have a CVE is 23/23, this is
a NULL pointer dereference on invalid input, which
is not nice but probably not exploitable.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]