On Thu, Feb 11, 2021 at 8:48 PM Philippe Mathieu-Daudé <[email protected]> wrote:
>
> On 2/11/21 9:52 AM, Mauro Matteo Cascella wrote:
> > Hello,
> >
> > On Wed, Feb 10, 2021 at 11:27 PM Alistair Francis <[email protected]>
> > wrote:
> >>
> >> On Tue, Feb 9, 2021 at 2:55 AM Bin Meng <[email protected]> wrote:
> >>>
> >>> At the end of sdhci_send_command(), it starts a data transfer if
> >>> the command register indicates a data is associated. However the
> >>> data transfer should only be initiated when the command execution
> >>> has succeeded.
> >>
> >> Isn't this already fixed?
>
> The previous patch was enough to catch the previous reproducer,
> but something changed elsewhere making the same reproducer crash
> QEMU again...
>
> > It turned out the bug was still reproducible on master. I'm actually
> > thinking of assigning a new CVE for this, to make it possible for
> > distros to apply this fix.
>
> It sounds fair. Do you have an ETA for the new CVE?

This is now CVE-2021-3409.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1928146

--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0
