On 07/27/2015 08:10 AM, Stefan Priebe - Profihost AG wrote: > > Am 27.07.2015 um 14:01 schrieb John Snow: >> The following changes since commit f793d97e454a56d17e404004867985622ca1a63b: >> >> Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into >> staging (2015-07-24 13:07:10 +0100) >> >> are available in the git repository at: >> >> https://github.com/jnsnow/qemu.git tags/cve-2015-5154-pull-request > > Any details on this CVE? Is RCE possible? Only if IDE is used? > > Stefan > >> for you to fetch changes up to cb72cba83021fa42719e73a5249c12096a4d1cfc: >> >> ide: Clear DRQ after handling all expected accesses (2015-07-26 23:42:53 >> -0400) >> >> ---------------------------------------------------------------- >> >> ---------------------------------------------------------------- >> >> Kevin Wolf (3): >> ide: Check array bounds before writing to io_buffer (CVE-2015-5154) >> ide/atapi: Fix START STOP UNIT command completion >> ide: Clear DRQ after handling all expected accesses >> >> hw/ide/atapi.c | 1 + >> hw/ide/core.c | 32 ++++++++++++++++++++++++++++---- >> 2 files changed, 29 insertions(+), 4 deletions(-) >>
See also http://seclists.org/oss-sec/2015/q3/212
