QEMU

  1. Bug #1863025
  2. Comment #8

Comment 8 for bug 1863025

Revision history for this message
Daniel Berrange (berrange) wrote : Re: [Bug 1863025] Re: Use-after-free after flush in TCG accelerator

On Thu, Aug 31, 2023 at 03:40:25PM +0200, Philippe Mathieu-Daudé wrote:
> Hi Samuel,
>
> On 31/8/23 14:48, Samuel Henrique wrote:
> > CVE-2020-24165 was assigned to this:
> > https://nvd.nist.gov/vuln/detail/CVE-2020-24165
> >
> > I had no involvement in the assignment, posting here for reference only.
> >
> > ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24165
>
> QEMU 4.2.0 was released in 2019. The issue you report
> has been fixed in commit 886cc68943 ("accel/tcg: fix race
> in cpu_exec_step_atomic (bug 1863025)") which is included
> in QEMU v5.0, released in April 2020, more than 3 years ago.
>
> What do you expect us to do here? I'm not sure whether assigning
> CVE for 3 years old code is a good use of engineering time.

In any case per our stated security policy, we do not consider TCG to
be providing a security boundary between host and guest, and thus bugs
in TCG aren't considered security flaws:

 https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|