On Sat, 11 Apr 2020 at 20:45, Philippe Mathieu-Daudé <f4...@amsat.org> wrote:
> Buffer overflows are security issues because they allow attacker to
> arbitrarily write data in the process memory, and eventually take
> control of it. When attacker takes control, it can access underlying
> private data.

Note that for QEMU our security boundary is "VMs using KVM"; so
buffer overflows are a security issue in code and devices that
you can use in a KVM setup (including pluggable devices like
PCI devices) but not devices you can only use in a TCG setup
(where they're just bugs, though obviously ones we should fix
sooner rather than later).

thanks
-- PMM