On Wednesday, 24 April, 2024 at 03:36:01 pm IST, Philippe Mathieu-Daudé wrote: >On 1/6/23 05:18, Akihiko Odaki wrote: >> Recently MemReentrancyGuard was added to DeviceState to record that the >> device is engaging in I/O. The network device backend needs to update it >> when delivering a packet to a device. >> >> In preparation for such a change, add MemReentrancyGuard * as a >> parameter of qemu_new_nic(). > >An user on IRC asked if this patch is related/fixing CVE-2021-20255, >any clue?
* CVE-2021-20255 bug: infinite recursion is pointing at a different fix patch. -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20255 * And the this patch below has different issue tagged -> https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08312.html Fixes: CVE-2023-3019 * They look different, former is an infinite recursion issue and the latter is a use-after-free one. Thank you. --- -Prasad
