Re: [Qemu-devel] qemu block-qcow.c block-qcow2.c block-vmdk.c bl...

Tue, 11 Mar 2008 10:32:05 -0700

IMHO it would be much simpler to do all the tests in the block format handlers. 

Fabrice.

Aurelien Jarno wrote:

CVSROOT:        /sources/qemu
Module name:    qemu
Changes by:     Aurelien Jarno <aurel32>  08/03/11 17:17:59

Modified files:
. : block-qcow.c block-qcow2.c block-vmdk.c block.c block.h block_int.h 
Log message:
        Fix CVE-2008-0928 - insufficient block device address range checking
        
        Qemu 0.9.1 and earlier does not perform range checks for block device
        read or write requests, which allows guest host users with root
        privileges to access arbitrary memory and escape the virtual machine.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow.c?cvsroot=qemu&r1=1.15&r2=1.16
http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow2.c?cvsroot=qemu&r1=1.10&r2=1.11
http://cvs.savannah.gnu.org/viewcvs/qemu/block-vmdk.c?cvsroot=qemu&r1=1.19&r2=1.20
http://cvs.savannah.gnu.org/viewcvs/qemu/block.c?cvsroot=qemu&r1=1.54&r2=1.55
http://cvs.savannah.gnu.org/viewcvs/qemu/block.h?cvsroot=qemu&r1=1.6&r2=1.7
http://cvs.savannah.gnu.org/viewcvs/qemu/block_int.h?cvsroot=qemu&r1=1.16&r2=1.17

Reply via email to