Eric Blake <ebl...@redhat.com> writes:

> On 11/30/18 6:28 AM, Eduardo Habkost wrote:
>> host_memory_backend_set_host_nodes() was not validating
>> host-nodes before writing to backend->host_nodes, making QEMU
>> write beyond the end of the bitmap.
>>
>> Fix the crash and add a simple regression test for the fix.
>>
>> While at it, fix memory leak of the list returned by
>> visit_type_uint16List().
>>
>> Reported-by: Markus Armbruster <arm...@redhat.com>
>> Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>
>> ---
>
> Looks like we may have 3.1-rc4 due to some CVE fixes; is this worth
> including in 3.1 as well?
You could conceivably crash a running VM with object-add. On the other hand, the bug has been around for a while, and was only found by code inspection.
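The bug shape the commit message describes, and the validate-before-write fix, as an added illustration that is not QEMU's code or the patch itself: MAX_NODES, the bitmap layout and the node ids are assumed values, and the host-nodes list is modelled as a plain array rather than a uint16List (so the leak fix is not shown).

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model of the fix the commit message describes, not QEMU's
 * code; MAX_NODES and the bitmap layout are assumed values. */
#define MAX_NODES 128
#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define BITMAP_LONGS ((MAX_NODES + BITS_PER_LONG - 1) / BITS_PER_LONG)
#define BIT_SET(bm, b) (((bm)[(b) / BITS_PER_LONG] >> ((b) % BITS_PER_LONG)) & 1UL)

/* The unfixed code indexed host_nodes[id / BITS_PER_LONG] straight from the
 * user-supplied id, so an id >= MAX_NODES wrote past the end of the array.
 * Here every id is checked before any bit is written: a bad list is
 * rejected whole and host_nodes stays untouched. Returns 0 on success,
 * -1 on the first out-of-range id. */
static int set_host_nodes(unsigned long *host_nodes, const uint16_t *nodes,
                          size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (nodes[i] >= MAX_NODES) return -1;
    }
    for (size_t i = 0; i < n; i++) {
        host_nodes[nodes[i] / BITS_PER_LONG] |= 1UL << (nodes[i] % BITS_PER_LONG);
    }
    return 0;
}

/* Constructed cases. demo_valid(): {0, 3, 127} accepted and exactly those
 * bits set. demo_invalid(): {1, 200} rejected (200 >= MAX_NODES) with the
 * bitmap left all-zero. Each returns 1 when the expected outcome holds. */
static int demo_valid(void)
{
    static const uint16_t nodes[] = {0, 3, 127};
    unsigned long bm[BITMAP_LONGS] = {0};
    if (set_host_nodes(bm, nodes, 3) != 0) return 0;
    return BIT_SET(bm, 0) && BIT_SET(bm, 3) && BIT_SET(bm, 127)
        && !BIT_SET(bm, 1) && !BIT_SET(bm, 126);
}

static int demo_invalid(void)
{
    static const uint16_t nodes[] = {1, 200};
    unsigned long bm[BITMAP_LONGS] = {0};
    if (set_host_nodes(bm, nodes, 2) != -1) return 0;
    for (size_t i = 0; i < BITMAP_LONGS; i++) if (bm[i]) return 0;
    return 1;
}
```

Checking the whole list before the first write is what makes the rejection clean: a check inside the write loop would still leave a partially updated bitmap behind on error.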