Comment 294 for bug 2059809

For those following along with the qemu-img mitigation side of this work, https://bugzilla.redhat.com/show_bug.cgi?id=2278875 was also made public yesterday. It looks like RHEL 9 has fixed qemu-kvm-8.2.0-11.el9_4.4 packages available already, while Fedora, Debian and Ubuntu are still triaging (I didn't check other distros). Once fixes for that are available for your chosen platform, updating will provide some additional defense-in-depth protection beyond the solutions we've implemented in OpenStack services.