Dear QEMU developers, we are a group of researchers working at the University of Milan, Italy. During the last year we focused on automatic techniques to find defects inside CPU emulators and virtualizers. Our work has been published in different conference papers [1][2][3], and the testing methodologies we developed allowed us to find defects in several emulators and virtualizers, including QEMU.
In these days we were asked to publicly release our experimental results. As these results also include several defects in QEMU, we believed it was better to contact you before releasing this material to the public. For this reason, we ask to whom it may concern to contact us privately at emufuz...@security.dico.unimi.it to discuss about the disclosure of these results. Thank you very much for your help, Footnotes: [1] Testing CPU Emulators (http://roberto.greyhats.it/pubs/issta09.pdf) [2] Testing system virtual machines (http://roberto.greyhats.it/pubs/issta10-kemufuzzer.pdf) [3] A fistful of red-pills: How to automatically generate procedures to detect CPU emulators (http://roberto.greyhats.it/pubs/woot09.pdf) -- Roberto Paleari http://roberto.greyhats.it/ PGP Key Fingerprint: F94C 1933 F61C 3948 7CDDÂ 2C61 38C7 6116 833D D6A0
