gitlab scraper: download in toml and text format

author: Christian Krinitsin <mail@krinitsin.com> 2025-05-30 16:52:07 +0200
committer: Christian Krinitsin <mail@krinitsin.com> 2025-05-30 16:52:17 +0200
commit: 9260319e7411ff8281700a532caa436f40120ec4 (patch)
tree: 2f6bfe5f3458dd49d328d3a9eb508595450adec0 /gitlab/issues_text/target_missing/host_missing/accel_missing/1171
parent: 225caa38269323af1bfc2daadff5ec8bd930747f (diff)
download: qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.tar.gz
qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/1171 b/gitlab/issues_text/target_missing/host_missing/accel_missing/1171
new file mode 100644
index 000000000..65d6dc5fa
--- /dev/null
+++ b/gitlab/issues_text/target_missing/host_missing/accel_missing/1171
@@ -0,0 +1,3 @@
+tulip: DMA reentrancy issue leads to stack overflow (CVE-2022-2962)
+Description of problem:
+A DMA reentrancy issue was found in the tulip emulation. When tulip reads or writes to  rx/tx descriptor ( tulip_desc_read/write ) or copies  rx/tx frame(tulip_copy_rx_bytes / tulip_copy_tx_buffers), it doesn't check whether the destination address is its own MMIO address. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
author	Christian Krinitsin <mail@krinitsin.com>	2025-05-30 16:52:07 +0200
committer	Christian Krinitsin <mail@krinitsin.com>	2025-05-30 16:52:17 +0200
commit	9260319e7411ff8281700a532caa436f40120ec4 (patch)
tree	2f6bfe5f3458dd49d328d3a9eb508595450adec0 /gitlab/issues_text/target_missing/host_missing/accel_missing/1171
parent	225caa38269323af1bfc2daadff5ec8bd930747f (diff)
download	qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.tar.gz qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.zip