oss-sec mailing list archives
Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations
From: P J P <ppandit () redhat com>
Date: Tue, 12 Jan 2016 23:24:36 +0530 (IST)
+-- On Tue, 12 Jan 2016, cve-assign () mitre org wrote --+ | Use CVE-2016-1714. Thank you. | Note that http://git.qemu.org/?p=qemu.git;a=blob;f=hw/nvram/fw_cfg.c | has: | | static void fw_cfg_write(FWCfgState *s, uint8_t value) | { | /* nothing, write support removed in QEMU v2.4+ */ | } | | and has no fw_cfg_read function. That's right. This issue affects Qemu versions prior to 2.4. Above change was made immediately after the release of v2.3. -> http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Current thread:
- CVE request Qemu: nvram: OOB r/w access in processing firmware configurations P J P (Jan 11)
- Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations cve-assign (Jan 12)
- Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations P J P (Jan 12)
- Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations cve-assign (Jan 12)