Hello,

On Wed, Feb 10, 2021 at 11:27 PM Alistair Francis <alistai...@gmail.com> wrote:
>
> On Tue, Feb 9, 2021 at 2:55 AM Bin Meng <bmeng...@gmail.com> wrote:
> >
> > At the end of sdhci_send_command(), it starts a data transfer if
> > the command register indicates a data is associated. However the
> > data transfer should only be initiated when the command execution
> > has succeeded.
> >
> > Cc: qemu-sta...@nongnu.org
> > Fixes: CVE-2020-17380
> > Fixes: CVE-2020-25085
> > Reported-by: Alexander Bulekov <alx...@bu.edu>
> > Reported-by: Sergej Schumilo (Ruhr-University Bochum)
> > Reported-by: Cornelius Aschermann (Ruhr-University Bochum)
> > Reported-by: Simon Wörner (Ruhr-University Bochum)
> > Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
>
> Isn't this already fixed?
>
It turned out the bug was still reproducible on master. I'm actually thinking of assigning a new CVE for this, to make it possible for distros to apply this fix.

--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0