On 12/10/21 14:42, Kevin Wolf wrote: > Am 24.11.2021 um 17:15 hat Philippe Mathieu-Daudé geschrieben: >> Since v3: >> - Preliminary extract blk_create_empty_drive() >> - qtest checks qtest_check_clang_sanitizer() enabled >> - qtest uses null-co:// driver instead of file >> >> Philippe Mathieu-Daudé (3): >> hw/block/fdc: Extract blk_create_empty_drive() >> hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 >> tests/qtest/fdc-test: Add a regression test for CVE-2021-20196 > > If I may ask a meta question: No doubt that this is a bug and it's good > that we fixed it, but why was it assigned a CVE?
No clue, I suppose this is audited and handled by qemu-security@ team members. Cc'ing them. > Any guest can legitimately shut down and we don't consider that a denial > of service. This bug was essentially just another undocumented way for > the guest kernel to shut down, as unprivileged users in the guest can't > normally access the I/O ports of the floppy controller. I don't think we > generally consider guests killing themselves a security problem as long > as it requires kernel or root privileges in the guest. Agreed.
