blob: 5c51e10354fa73d72862675e803b32ba4062b7b5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
network: 0.940
device: 0.797
graphic: 0.597
instruction: 0.588
vnc: 0.402
socket: 0.327
semantic: 0.311
boot: 0.309
other: 0.077
KVM: 0.059
assembly: 0.044
mistranslation: 0.038
nbd: CVE-2024-7409 fix is incomplete
Description of problem:
Patch will hit list soon, but opening issue here since if this misses 9.1, we would need to allocate a second CVE for having an incomplete fix (a remaining use-after-free) in the code originally proposed for CVE-2024-7409.
Steps to reproduce:
1. stress test of attempting repeated 'qemu-nbd --list' in parallel with repeated 'nbd-server-start/nbd-server-stop' loops in a qemu process revealed a use-after-free SEGV of nbd_server->listener
2.
3.
Additional information:
|