On 7/3/19 8:54 AM, Daniel P. Berrangé wrote: > A supposed exploit of QEMU was recently announced as CVE-2019-12928 > claiming that the monitor console was insecure because the "migrate" > comand enabled arbitrary command execution for a remote attacker.
command > > For this to be a flaw the user launching QEMU must have configured > the monitor in a way that allows for other userrs to access it. The users > exploit report quoted use of the "tcp" character device backend for > QMP. > -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature