On Aug 24 14:44, Philippe Mathieu-Daudé wrote:
> On 9/8/23 15:39, Klaus Jensen wrote:
> > From: Klaus Jensen <k.jen...@samsung.com>
> > 
> > nvme_directive_receive() does not check if an endurance group has been
> > configured (set) prior to testing if flexible data placement is enabled
> > or not.
> > 
> > Fix this.
> > 
> > Cc: qemu-sta...@nongnu.org
> > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1815
> > Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation")
> > Reviewed-by: Jesper Wendel Devantier <j.devant...@samsung.com>
> > Signed-off-by: Klaus Jensen <k.jen...@samsung.com>
> > ---
> >   hw/nvme/ctrl.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
> > index d217ae91b506..e5b5c7034d2b 100644
> > --- a/hw/nvme/ctrl.c
> > +++ b/hw/nvme/ctrl.c
> > @@ -6900,7 +6900,7 @@ static uint16_t nvme_directive_receive(NvmeCtrl *n, 
> > NvmeRequest *req)
> >       case NVME_DIRECTIVE_IDENTIFY:
> >           switch (doper) {
> >           case NVME_DIRECTIVE_RETURN_PARAMS:
> > -            if (ns->endgrp->fdp.enabled) {
> > +            if (ns->endgrp && ns->endgrp->fdp.enabled) {
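Review bot: The added `ns->endgrp &&` guard makes a namespace with no endurance group configured take the "FDP disabled" branch silently; a one-line comment above the condition stating that this fallback is intentional (rather than, say, returning an invalid-field status to the host) would save the next reader from wondering. The commit message would also benefit from naming the trigger in one sentence: a guest-issued Directive Receive (Identify / Return Parameters) against a namespace without an endurance group dereferenced a NULL `ns->endgrp`, which is the guest-to-host denial of service this change closes. Since the message only covers the receive path, it is worth confirming that no other `ns->endgrp->fdp` access in the directive handling relies on the same unchecked assumption.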
> 
> This patch fixes CVE-2023-40360 ("QEMU: NVMe: NULL pointer
> dereference in nvme_directive_receive"). Were you aware of
> the security implications?
> 

Yes, but I was not aware of the CVE being assigned at the time. I don't
think it was?

But if what you are saying is that it was my responsibility as
maintainer to get that reported and assigned, then I apologize and will
of course keep that in mind going forward!
