On Thu, Feb 11, 2021 at 8:48 PM Philippe Mathieu-Daudé <f4...@amsat.org> wrote:
>
> On 2/11/21 9:52 AM, Mauro Matteo Cascella wrote:
> > Hello,
> >
> > On Wed, Feb 10, 2021 at 11:27 PM Alistair Francis <alistai...@gmail.com>
> > wrote:
> >>
> >> On Tue, Feb 9, 2021 at 2:55 AM Bin Meng <bmeng...@gmail.com> wrote:
> >>>
> >>> At the end of sdhci_send_command(), it starts a data transfer if
> >>> the command register indicates a data is associated. However the
> >>> data transfer should only be initiated when the command execution
> >>> has succeeded.
> >>
> >> Isn't this already fixed?
>
> The previous patch was enough to catch the previous reproducer,
> but something changed elsewhere making the same reproducer crash
> QEMU again...
>
> > It turned out the bug was still reproducible on master. I'm actually
> > thinking of assigning a new CVE for this, to make it possible for
> > distros to apply this fix.
>
> It sounds fair. Do you have an ETA for the new CVE?

This is now CVE-2021-3409.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1928146

--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0