On 24.11.2021 at 17:15, Philippe Mathieu-Daudé wrote:
> Since v3:
> - Preliminary extract blk_create_empty_drive()
> - qtest checks qtest_check_clang_sanitizer() enabled
> - qtest uses null-co:// driver instead of file
>
> Philippe Mathieu-Daudé (3):
>   hw/block/fdc: Extract blk_create_empty_drive()
>   hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
>   tests/qtest/fdc-test: Add a regression test for CVE-2021-20196

If I may ask a meta question: No doubt that this is a bug and it's good that we fixed it, but why was it assigned a CVE?

Any guest can legitimately shut down and we don't consider that a denial of service. This bug was essentially just another undocumented way for the guest kernel to shut down, as unprivileged users in the guest can't normally access the I/O ports of the floppy controller.

I don't think we generally consider guests killing themselves a security problem as long as it requires kernel or root privileges in the guest.

Kevin