On Wed, Dec 22, 2021 at 09:27:51PM +0100, Philippe Mathieu-Daudé wrote:
> On Wed, Dec 22, 2021 at 9:20 PM Michael S. Tsirkin <m...@redhat.com> wrote:
> > On Wed, Dec 22, 2021 at 08:19:41PM +0100, Philippe Mathieu-Daudé wrote:
> > > +Mauro & Alex
> > >
> > > On 12/21/21 15:48, Michael S. Tsirkin wrote:
> > > > When bus is looked up on a pci write, we didn't
> > > > validate that the lookup succeeded.
> > > > Fuzzers thus can trigger QEMU crash by dereferencing the NULL
> > > > bus pointer.
> > > >
> > > > Fixes: b32bd763a1 ("pci: introduce acpi-index property for PCI device")
> > > > Cc: "Igor Mammedov" <imamm...@redhat.com>
> > > > Fixes: https://gitlab.com/qemu-project/qemu/-/issues/770
> > > > Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
> > >
> > > It seems this problem is important enough to get a CVE assigned.
> >
> > Guest root can crash guest.
> > I don't see why we would assign a CVE.
>
> Well thinking about downstream distributions, if there is a CVE assigned,
> it helps them to have it written in the commit. Maybe I am mistaken.
>
> Unrelated but it seems there is a coordination problem with the
> qemu-security@ list,
> if this isn't a security issue, why was a CVE requested?
Right. I don't think a priveleged user crashing VM warrants a CVE,
it can just halt a CPU or whatever. Just cancel the CVE request pls.
> > > Mauro, please update us when you get the CVE number.
> > > Michael, please amend the CVE number before committing the fix.
> > >
> > > FWIW Paolo asked every fuzzed bug reproducer to be committed
> > > as qtest, see tests/qtest/fuzz*c. Alex has a way to generate
> > > reproducer in plain C.
> > >
> > > Regards,
> > >
> > > Phil.
> >
