On Sat, Jan 20, 2024 at 6:42 PM Michael Tokarev <m...@tls.msk.ru> wrote:
>
> 02.01.2024 06:29, Jason Wang :
> > When HASH_REPORT is negotiated, the guest_hdr_len might be larger than
> > the size of the mergeable rx buffer header. Using
> > virtio_net_hdr_mrg_rxbuf during the header swap might lead a stack
> > overflow in this case. Fixing this by using virtio_net_hdr_v1_hash
> > instead.
> >
> > Reported-by: Xiao Lei <leixiao....@zju.edu.cn>
> > Cc: Yuri Benditovich <yuri.benditov...@daynix.com>
> > Cc: qemu-sta...@nongnu.org
> > Cc: Mauro Matteo Cascella <mcasc...@redhat.com>
> > Fixes: CVE-2023-6693
> > Fixes: e22f0603fb2f ("virtio-net: reference implementation of hash report")
> > Signed-off-by: Jason Wang <jasow...@redhat.com>
>
> Hi! Can we get this to master before Jan-27 please, so it's included in
> 8.2.1?
I think it will be.
Thanks
>
> Thanks!
>
> /mjt
>
