Cc'ing Mauro to double-check.

On 8/20/21 2:12 PM, Peter Maydell wrote:
> On Wed, 18 Aug 2021 at 13:10, Gerd Hoffmann <kra...@redhat.com> wrote:
>>
>> Security fix. Sorry for the last-minute patch, I had completely
>> forgotten this one until the CVE number for it arrived today.
>>
>> Given that the classic usb storage device is way more popular than
>> the uas (usb attached scsi) device the impact should be pretty low
>> and we might consider to not screw up our release schedule for this.
>
> What's the impact if the bug is exploited?

Bug class: "guest-triggered use-after-free". Being privileged (root) in the guest, you can leak some data from the host process then DoS the host or potentially exploit the use-after-free to execute code on the host.