diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 16:27:09 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 16:27:09 +0000 |
| commit | 4d9e26c0333abd39bdbd039dcdb30ed429c475ba (patch) | |
| tree | 4010d5fb3e8bc48c110a2c1ff2a16b8648cb86bb /results/classifier/accel-gemma3:12b/kvm/1171 | |
| parent | 5541099586dbd6018574cb44e1934907c121526f (diff) | |
| download | emulator-bug-study-4d9e26c0333abd39bdbd039dcdb30ed429c475ba.tar.gz emulator-bug-study-4d9e26c0333abd39bdbd039dcdb30ed429c475ba.zip | |
add gemma accelerator classification results
Diffstat (limited to 'results/classifier/accel-gemma3:12b/kvm/1171')
| -rw-r--r-- | results/classifier/accel-gemma3:12b/kvm/1171 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/results/classifier/accel-gemma3:12b/kvm/1171 b/results/classifier/accel-gemma3:12b/kvm/1171 new file mode 100644 index 00000000..e01c8a07 --- /dev/null +++ b/results/classifier/accel-gemma3:12b/kvm/1171 @@ -0,0 +1,4 @@ + +tulip: DMA reentrancy issue leads to stack overflow (CVE-2022-2962) +Description of problem: +A DMA reentrancy issue was found in the tulip emulation. When tulip reads or writes to rx/tx descriptor ( tulip_desc_read/write ) or copies rx/tx frame(tulip_copy_rx_bytes / tulip_copy_tx_buffers), it doesn't check whether the destination address is its own MMIO address. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. |