CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/28 11:09:38
Modified files:
usr.sbin/vmd : vioblk.c
Log message:
A privileged guest can make the host-side `vioblk` backend read a descriptor
outside the configured virtqueue descriptor table and interpret the out-of-table
entry as a block request descriptor. In the confirmed run, the guest-controlled
out-of-table descriptor made `vmd(8)` read and log a guest-chosen block command
value, and the device entered `DEVICE_NEEDS_RESET`.
from Quarkslab
ok hshoexer, mlarkin
