qemu-ppc
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/2] net: Provide MemReentrancyGuard * to qemu_new_nic()

From: Thomas Huth
Subject: Re: [PATCH v2 1/2] net: Provide MemReentrancyGuard * to qemu_new_nic()
Date: Wed, 24 Apr 2024 12:32:55 +0000 
On 24/04/2024 12.41, Prasad Pandit wrote:

On Wednesday, 24 April, 2024 at 03:36:01 pm IST, Philippe Mathieu-Daudé wrote:

On 1/6/23 05:18, Akihiko Odaki wrote:

Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
In preparation for such a change, add MemReentrancyGuard * as a 
parameter of qemu_new_nic().


An user on IRC asked if this patch is related/fixing CVE-2021-20255,
any clue?


* CVE-2021-20255 bug: infinite recursion is pointing at a different fix patch.
   -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20255

* And the this patch below has different issue tagged
   -> https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08312.html
   Fixes: CVE-2023-3019


* They look different, former is an infinite recursion issue and the latter is 
a use-after-free one.


I assume the eepro reentrancy issue has been fixed with:

 https://gitlab.com/qemu-project/qemu/-/issues/556
 i.e.:
 https://gitlab.com/qemu-project/qemu/-/commit/c40ca2301c7603524eaddb5308a3

 HTH,
  Thomas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]