On 2024/02/15 0:55, Michael S. Tsirkin wrote:
On Wed, Feb 14, 2024 at 06:53:43PM +0300, Michael Tokarev wrote:
Nope, I don't remember how to request a CVE ;)
https://www.qemu.org/contribute/security-process/
Thanks, I requested CVEs with the form.
QEMU doesn't have any list of features without security guarantee so I
think it's "kind" to have CVEs for any features though I would certainly
add igb and NVMe's SR-IOV feature to such a list if there is.
It should be harmless to have extra CVEs at least. Well, some may think
all CVEs serious but that's not my fault.
