These two patches fix two separate TCG-only SMM vulnerabilities. Neither of them is reproducible with KVM, and hence they are limited to the "Non-virtualization Use Case" [1].

The first patch's bug was found by me while developing SMM challenges for CrewCTF. The second patch's bug was found by unvariant, a participant in the said CTF.

[1] https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case

YiFei Zhu (2):
  i386/cpu: Prevent delivering SIPI during SMM in TCG mode
  i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit

 target/i386/cpu.c                   |  3 ++-
 target/i386/tcg/system/smm_helper.c | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

-- 
2.51.0.536.g15c5d4f767-goog
