Comment 161 for bug 2059809
Revision history for this message
| Kurt Garloff (kgarloff) wrote Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498) | #161 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
If we sneak in a data_file reference by writing it to the disk (/dev/vdb or /dev/sdb), we would still be protected, as every place where the image/snapshot/... is read is now checking for the non-existence of data_file feature, correct?