id = 2528
title = "nbd: CVE-2024-7409 fix is incomplete"
state = "closed"
created_at = "2024-08-22T14:43:30.468Z"
closed_at = "2024-09-02T09:38:17.906Z"
labels = ["Stable::to backport", "Storage", "kind::Bug", "workflow::Patch available"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/2528"
host-os = "- OS/kernel version:"
host-arch = "- QEMU flavor:"
qemu-version = "- QEMU command line:"
guest-os = "- OS/kernel version:"
guest-arch = "## Description of problem"
description = """Patch will hit list soon, but opening issue here since if this misses 9.1, we would need to allocate a second CVE for having an incomplete fix (a remaining use-after-free) in the code originally proposed for CVE-2024-7409."""
reproduce = """1. stress test of attempting repeated 'qemu-nbd --list' in parallel with repeated 'nbd-server-start/nbd-server-stop' loops in a qemu process revealed a use-after-free SEGV of nbd_server->listener
2.
3."""
additional = """"""