qemu-devel

Re: [PATCH] acpi: validate hotplug selector on access


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH] acpi: validate hotplug selector on access
Date: Wed, 22 Dec 2021 20:19:41 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0

+Mauro & Alex

On 12/21/21 15:48, Michael S. Tsirkin wrote:
> When bus is looked up on a pci write, we didn't
> validate that the lookup succeeded.
> Fuzzers thus can trigger QEMU crash by dereferencing the NULL
> bus pointer.
> 
> Fixes: b32bd763a1 ("pci: introduce acpi-index property for PCI device")
> Cc: "Igor Mammedov" <imammedo@redhat.com>
> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/770
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

It seems this problem is important enough to get a CVE assigned.

Mauro, please update us when you get the CVE number.
Michael, please amend the CVE number before committing the fix.

FWIW Paolo asked for every fuzzed bug reproducer to be committed
as a qtest, see tests/qtest/fuzz*c. Alex has a way to generate
a reproducer in plain C.

Regards,

Phil.
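
Added example, not part of the message above and not QEMU code: a simplified C model of the bug class the quoted commit message describes, where a guest-written selector drives a bus lookup that can fail and the result must be checked before use. All names (`ModelHotplug`, `model_find_bus`, `model_eject_write`) and the choice to drop the write on an invalid selector are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, not QEMU source. Every name below is hypothetical. */
#define MODEL_MAX_BUSES 4

typedef struct ModelBus { uint32_t eject_mask; } ModelBus;

typedef struct ModelHotplug {
    uint32_t selector;                 /* last value the guest wrote to the selector */
    ModelBus *buses[MODEL_MAX_BUSES];  /* NULL where no bus is registered */
} ModelHotplug;

/* The lookup can fail: NULL for an out-of-range or unregistered selector. */
static ModelBus *model_find_bus(ModelHotplug *s, uint32_t sel)
{
    return sel < MODEL_MAX_BUSES ? s->buses[sel] : NULL;
}

/* Guest write to an eject-style register. Returns 0 if applied, -1 if dropped. */
static int model_eject_write(ModelHotplug *s, uint32_t slots)
{
    ModelBus *bus = model_find_bus(s, s->selector);
    if (bus == NULL) {
        return -1;   /* without this check, the next line dereferences NULL */
    }
    bus->eject_mask |= slots;
    return 0;
}

/* Replay constructed selector values, as a fuzzer would, and count dropped writes. */
static int model_count_dropped(void)
{
    ModelBus bus0 = { 0 };
    ModelHotplug s = { .selector = 0, .buses = { &bus0 } };
    const uint32_t sels[] = { 0, 1, 3, 4, 0xffffffffu };   /* constructed inputs */
    int dropped = 0;

    for (size_t i = 0; i < sizeof(sels) / sizeof(sels[0]); i++) {
        s.selector = sels[i];
        if (model_eject_write(&s, 1u) != 0) {
            dropped++;
        }
    }
    return dropped;
}

int main(void) { return model_count_dropped() == 4 ? 0 : 1; }
```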



