Hi Samuel,
On 31/8/23 14:48, Samuel Henrique wrote:
CVE-2020-24165 was assigned to this:
https://nvd.nist.gov/vuln/detail/CVE-2020-24165
I had no involvement in the assignment, posting here for reference only.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24165
QEMU 4.2.0 was released in 2019. The issue you report
has been fixed in commit 886cc68943 ("accel/tcg: fix race
in cpu_exec_step_atomic (bug 1863025)") which is included
in QEMU v5.0, released in April 2020, more than 3 years ago.
What do you expect us to do here? I'm not sure whether assigning
CVE for 3 years old code is a good use of engineering time.
Regards,
Phil.
