Ask for suggestions for CVE-2019-12928

qemu-devel

[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Ask for suggestions for CVE-2019-12928

From:	江芳杰
Subject:	Ask for suggestions for CVE-2019-12928
Date:	Mon, 11 Jan 2021 23:43:53 +0800 (CST)

Hi:

Sorry to bother you~

I have read the discussions about CVE--2019-12928 ( https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg01153.html).

But, for the scenario of PC users, which is no requirement of network access to QMP, there are some mitigating proposes.

1. Modify the compilation options to disable QMP.

2. Modify command line parsing function to discard the QMP parameters with network configurations.

3. PC manager or other manage software make sure only the trusted user can use QMP.

4. Other ideas?

I want to have your suggestions.

Thanks,

Best regards.

[Prev in Thread]

Current Thread

[Next in Thread]

Ask for suggestions for CVE-2019-12928, 江芳杰 <=
- Re: Ask for suggestions for CVE-2019-12928, Daniel P . Berrangé, 2021/01/11
- Re: Ask for suggestions for CVE-2019-12928, Dr. David Alan Gilbert, 2021/01/19
  - Re: Ask for suggestions for CVE-2019-12928, Markus Armbruster, 2021/01/20

Prev by Date: Re: [PATCH 7/8] hw/ppc/ppc405_uc: Drop use of ppcuic_init()
Next by Date: 来自JackJF的邮件
Previous by thread: Re: [PATCH 7/8] hw/ppc/ppc405_uc: Drop use of ppcuic_init()
Next by thread: Re: Ask for suggestions for CVE-2019-12928
Index(es):
- Date
- Thread