On 210226 1814, P J P wrote:
> Hello Alex,
>
> On Thursday, 25 February, 2021, 10:00:33 pm IST, Alexander Bulekov <alx...@bu.edu> wrote:
> On 210225 1128, Alexander Bulekov wrote:
> > On 210225 1931, P J P wrote:
> > > +-- On Wed, 24 Feb 2021, Philippe Mathieu-Daudé wrote --+
> > > | On 2/24/21 2:17 PM, Jason Wang wrote:
> > > | > On 2021/2/24 6:11 PM, Philippe Mathieu-Daudé wrote:
> > > | >> IIUC the guest could trigger an infinite loop and brick the emulated
> > > | >> device model. Likely exhausting the stack, so either SEGV by corruption
> > > | >> or some ENOMEM?
> > > | >
> > > | > Yes.
> > > | >>
> > > | >> Since this is guest triggerable, shouldn't we contact qemu-security@ list
> > > | >> and ask for a CVE for this issue, so distributions can track the patches
> > > | >> to backport in their stable releases? (it seems to be within the KVM
> > > | >> devices boundary).
> > > | >
> > > | >
> > > | > That's the plan. I discussed this with Prasad before and he promised to
> > > | > ask CVE for this.
> > >
> > > 'CVE-2021-3416' is assigned to this issue by Red Hat Inc.
> >
> > What is the difference with CVE-2021-20255 and CVE-2021-20257 ? Aren't
> > those just manifestations of this bug for the e1000 and the eepro100
> > devices
>
> * You mean manifestations of the DMA re-entrancy issue?
>

Ah I got confused - those other CVEs don't seem to be related to loopback.
-Alex

> * They have separate CVEs because they are fixed individually.
>
>
> Thank you.
> ---
> -P J P
> http://feedmug.com