On Thu, Apr 07, 2022 at 11:03:16AM +0100, Peter Maydell wrote: > On Thu, 7 Apr 2022 at 10:52, Michael S. Tsirkin <m...@redhat.com> wrote: > > > > From: Wentao Liang <wentao_lian...@163.com> > > > > A potential Use-after-free was reported in virtio_iommu_handle_command > > when using virtio-iommu: > > > > > I find a potential Use-after-free in QEMU 6.2.0, which is in > > > virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). > > So, this isn't a regression. Do you think it's critically necessary > it goes in 7.0, or is it in the category "put it into 7.0 if we > need an rc4 for some other reason anyway" ? > > (I have a feeling we'll need an rc4, but we'll see.) > > thanks > -- PMM
I am concerned it can be used to trigger a CVE but I could not find a way. So I would say if there's an rc4 pls include it but if not then we can pick it up in stable. -- MST
