From 9260319e7411ff8281700a532caa436f40120ec4 Mon Sep 17 00:00:00 2001 From: Christian Krinitsin Date: Fri, 30 May 2025 16:52:07 +0200 Subject: gitlab scraper: download in toml and text format --- gitlab/issues_text/target_missing/host_missing/accel_missing/782 | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 gitlab/issues_text/target_missing/host_missing/accel_missing/782 (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/782') diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/782 b/gitlab/issues_text/target_missing/host_missing/accel_missing/782 new file mode 100644 index 000000000..b69e00482 --- /dev/null +++ b/gitlab/issues_text/target_missing/host_missing/accel_missing/782 @@ -0,0 +1,5 @@ +nvme: DMA reentrancy issue leads to use-after-free (CVE-2021-3929) +Description of problem: +A DMA reentrancy issue was found in the NVM Express Controller (NVMe) emulation. Functions dma_buf_write() or dma_buf_read() in hw/nvme/ctrl.c:nvme_tx() can be called without checking if the destination region overlaps with device's MMIO. This is similar to CVE-2021-3750 (https://gitlab.com/qemu-project/qemu/-/issues/541) and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. + +This issue was reported by Qiuhao Li. -- cgit 1.4.1