Mark McLoughlin wrote:
Canonical's Ubuntu Security Team will be filing a CVE on this issue,
since there is a bit of an attack vector here, and since
qemu-kvm-0.11.0 is generally available as an official release (and now
part of Ubuntu 9.10).
Guests running linux <= 2.6.25 virtio-net (e.g Ubuntu 8.04 hardy) on
top of qemu-kvm-0.11.0 can be remotely crashed by a non-privileged
network user flooding an open port on the guest. The crash happens in
a manner that abruptly terminates the guest's execution (ie, without
shutting down cleanly). This may affect the guest filesystem's
general happiness.
IMHO, the CVE should be against the 2.6.25 virtio drivers - the bug is
in the guest and the issue we're discussing here is just a hacky
workaround for the guest bug.
Yeah, I'm inclined to agree. The guest generates bad data and we exit.
exit()ing is probably not wonderful but it's a well understood behavior.
The fundamental bug here is in the guest, not in qemu.
Regards,
Anthony Liguori
Cheers,
Mark.
