Hi Michael,

On Wed, Dec 16, 2015 at 02:01:16PM +0300, Michael Tokarev wrote:
> Source: qemu
> Version: 1:2.1+dfsg-12+deb8u4
> Severity: important
> Tags: security patch upstream fixed-upstream
>
> Qemu emulator built with the PCI MSI-X support is vulnerable to null pointer
> dereference issue. It occurs when the controller attempts to write to the
> pending bit array (PBA) memory region. Because the MSI-X MMIO support did not
> define the .write method.
>
> A privileged user inside guest could use this flaw to crash the Qemu process
> resulting in DoS issue.
>
> Upstream fix:
> -------------
> ->
> http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b754285

Question back: wasn't that introduced with
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d35e428c8400f9ddc07e5a15ff19622c869b9ba0
(v1.2.0-rc0)? Am I missing something? Is this information accurate? If
not I can update the security-tracker.

Regards,
Salvatore

