Comment 58 for bug 2071734

Balazs Gibizer (balazs-gibizer) wrote : Re: Regression VMDK/qcow arbitrary file access (CVE-2024-40767)

> However, we should either be failing because raw (from format_inspector) doesn't match vmdk (from qemu-img) or the above vmdk safety check, whichever comes first.

The vmdk safety_check does not run as the format_inspector does not recognize the file as vmdk, but as raw.

Then we call qemu-img info, but that means we trigger the vulnerability as we pass an unsafe image to qemu.