On Tue, Sep 26, 2023, 3:11 AM Fiona Ebner <f.eb...@proxmox.com> wrote:

> On 25.09.23 at 21:53, John Snow wrote:
> > On Thu, Sep 21, 2023 at 12:07 PM Simon Rowe <simon.r...@nutanix.com>
> wrote:
> >>
> >> When an IDE controller is reset, its internal state is being cleared
> >> before any outstanding I/O is cancelled. If a response to DMA is
> >> received in this window, the aio callback will incorrectly continue
> >> with the next part of the transfer (now using sector 0 from
> >> the cleared controller state).
> >
> > Eugh, yikes. It feels like we should fix the cancellation ...
> Please note that there already is a patch for that on the list:
> https://lists.nongnu.org/archive/html/qemu-devel/2023-09/msg01011.html
>
> Best Regards,
> Fiona
>

Gotcha, thanks for the pointer. I wonder if that's sufficient to fix the
CVE here? I don't have the reproducer in my hands (that I know of ... it's
genuinely possible I missed it, apologies)
