mbox series

[PATCH-for-6.2,v3,0/2] hw/block/fdc: Fix CVE-2021-20196

Message ID 20211118120635.4043197-1-philmd@redhat.com (mailing list archive)
Headers show
Series hw/block/fdc: Fix CVE-2021-20196 | expand

Message

Philippe Mathieu-Daudé Nov. 18, 2021, 12:06 p.m. UTC
I'm not sure what happened to v1 from Prasad, so since we are
at rc2 I took a simpler approach to fix this CVE: create an
empty drive to satisfy the BlockBackend API calls.

Added Alexander's reproducer along.

Since v2:
- Reword comment (Darren)
- Add Darren R-b tag

v2: https://lore.kernel.org/qemu-devel/20211117232422.1026411-1-philmd@redhat.com/
v1: https://lore.kernel.org/qemu-devel/20210123100345.642933-1-ppandit@redhat.com/
Based-on: <20211118115733.4038610-1-philmd@redhat.com>

Alexander Bulekov (1):
  tests/qtest/fdc-test: Add a regression test for CVE-2021-20196

Philippe Mathieu-Daudé (1):
  hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196

 hw/block/fdc.c         | 14 +++++++++++++-
 tests/qtest/fdc-test.c | 21 +++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

Comments

Philippe Mathieu-Daudé Nov. 22, 2021, 2:55 p.m. UTC | #1
ping for 6.2?

> Alexander Bulekov (1):
>   tests/qtest/fdc-test: Add a regression test for CVE-2021-20196
> 
> Philippe Mathieu-Daudé (1):
>   hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
> 
>  hw/block/fdc.c         | 14 +++++++++++++-
>  tests/qtest/fdc-test.c | 21 +++++++++++++++++++++
>  2 files changed, 34 insertions(+), 1 deletion(-)
>