Re: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma()
From: Philippe Mathieu-Daudé
Subject: Re: [Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c
Date: Wed, 24 Mar 2021 18:28:41 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0

On 3/24/21 4:53 PM, Alexander Bulekov wrote:
> Hi,
> I can still trigger stack-overflows, heap-UAFs and heap-overflows in the
> code, but Mark's patches fixed some of the issues. I didn't want to
> flood the issue-tracker with further problems in this code, since it
> isn't clear what the security expectations are for this device. Of
> course it is only a matter of time until someone sends more reports to
> qemu-security.

I'd expect qemu-security to have a template "Thank you for your bug
but this device is not within the 'security' boundary, we will forward
your report to the community".

>
> Mark, do you want me to provide more reproducers for this device?

Surely Mark prefers you provide bugfixes instead :D

Phil.