# Export of QEMU GitLab issue 2528 (see `url` below). Values are kept
# exactly as exported; only comments were added.
id = 2528
title = "nbd: CVE-2024-7409 fix is incomplete"
state = "closed"
# RFC 3339 instants kept as strings rather than native TOML datetimes: the
# consumer's expected type is not visible here, so the representation is
# left untouched.
created_at = "2024-08-22T14:43:30.468Z"
closed_at = "2024-09-02T09:38:17.906Z"
# "Stable::to backport" marks the fix as wanted on stable branches as well.
labels = ["Stable::to backport", "Storage", "kind::Bug", "workflow::Patch available"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/2528"
# NOTE(review): the five fields below contain what look like unfilled
# headings from the issue template ("- OS/kernel version:",
# "## Description of problem") rather than real host/guest/version data.
# Treat them as missing and consult the linked issue for the actual
# environment details -- presumably an export parsing artefact; verify.
host-os = "- OS/kernel version:"
host-arch = "- QEMU flavor:"
qemu-version = "- QEMU command line:"
guest-os = "- OS/kernel version:"
guest-arch = "## Description of problem"
# Why the issue was opened: the change originally proposed for
# CVE-2024-7409 left a remaining use-after-free, and the reporter wanted it
# tracked so that a second CVE would not be needed if the follow-up fix
# missed the 9.1 release.
description = """Patch will hit list soon, but opening issue here since if this misses 9.1, we would need to allocate a second CVE for having an incomplete fix (a remaining use-after-free) in the code originally proposed for CVE-2024-7409."""
# Only step 1 was filled in; "2." and "3." are empty template placeholders.
# The trigger described is concurrent listener setup/teardown racing with
# client connections, i.e. a lifetime/ordering problem in nbd_server->listener.
reproduce = """1. stress test of attempting repeated 'qemu-nbd --list' in parallel with repeated 'nbd-server-start/nbd-server-stop' loops in a qemu process revealed a use-after-free SEGV of nbd_server->listener
2.
3."""
# Empty: no additional information was supplied in the report.
additional = """"""