On Wed, Nov 12, 2014 at 11:44:35AM +0200, Michael S. Tsirkin wrote: > This patchset fixes CVE-2014-7840: invalid > migration stream can cause arbitrary qemu memory > overwrite. > First patch includes the minimal fix for the issue. > Follow-up patches on top add extra checking to reduce the > chance this kind of bug recurs. > > Note: these are already (tentatively-pending review) > queued in my tree, so only review/ack > is necessary. > > Michael S. Tsirkin (4):
Reviewed-by: Amos Kong <ak...@redhat.com>
> migration: fix parameter validation on ram load
> exec: add wrapper for host pointer access
> cpu: assert host pointer offset within block
> cpu: verify that block->host is set
>
> include/exec/cpu-all.h | 7 +++++++
> arch_init.c | 5 +++--
> exec.c | 10 +++++-----
> 3 files changed, 15 insertions(+), 7 deletions(-)
>
> --
> MST
>
--
Amos.
signature.asc
Description: Digital signature
