diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 16:27:09 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 16:27:09 +0000 |
| commit | 4d9e26c0333abd39bdbd039dcdb30ed429c475ba (patch) | |
| tree | 4010d5fb3e8bc48c110a2c1ff2a16b8648cb86bb /results/classifier/accel-gemma3:12b/kvm/782 | |
| parent | 5541099586dbd6018574cb44e1934907c121526f (diff) | |
| download | qemu-analysis-4d9e26c0333abd39bdbd039dcdb30ed429c475ba.tar.gz qemu-analysis-4d9e26c0333abd39bdbd039dcdb30ed429c475ba.zip | |
add gemma accelerator classification results
Diffstat (limited to 'results/classifier/accel-gemma3:12b/kvm/782')
| -rw-r--r-- | results/classifier/accel-gemma3:12b/kvm/782 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/results/classifier/accel-gemma3:12b/kvm/782 b/results/classifier/accel-gemma3:12b/kvm/782 new file mode 100644 index 000000000..a2669b182 --- /dev/null +++ b/results/classifier/accel-gemma3:12b/kvm/782 @@ -0,0 +1,6 @@ + +nvme: DMA reentrancy issue leads to use-after-free (CVE-2021-3929) +Description of problem: +A DMA reentrancy issue was found in the NVM Express Controller (NVMe) emulation. Functions dma_buf_write() or dma_buf_read() in hw/nvme/ctrl.c:nvme_tx() can be called without checking if the destination region overlaps with device's MMIO. This is similar to CVE-2021-3750 (https://gitlab.com/qemu-project/qemu/-/issues/541) and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. + +This issue was reported by Qiuhao Li. |