[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk

On 09/17/14 18:31, Eric Blake wrote:
> On 09/17/2014 10:25 AM, Peter Krempa wrote:
>> Live definition was used to look up the disk index while persistent one
>> was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
>> correct def and report a nice error.
>> Unfortunately it's accessible via read-only connection.
> Mitigation - a read-only connection can only crash libvirtd in the cases
> where the guest is hot-plugging disks without reflecting those changes
> to the persistent definition.  So avoiding hotplug, or doing hotplug
> where persistent is always modified alongside live definition, will
> avoid the out-of-bounds access.

I've added this paragraph to the commit message

>> Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
>> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
>> Reported-by: Luyao Huang <lhuang redhat com>
>> Signed-off-by: Peter Krempa <pkrempa redhat com>
>> ---
>>  src/qemu/qemu_driver.c | 8 ++++++--
>>  1 file changed, 6 insertions(+), 2 deletions(-)
> ACK. I can write up the libvirt security notice; we'll eventually need
> this backported to all the affected maint branches.  I'll coordinate the
> backport effort with you on IRC.

and pushed this patch. I can handle the backport tomorrow if you don't
beat me to it.


Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]