On Tue, Mar 04, 2025 at 11:39:10AM +0300, ger...@altlinux.org wrote:
> From: Denis Rastyogin
>
> This error was discovered by fuzzing qemu-img.
>
> In the QED block driver, the need_check_timer timer is freed in
> bdrv_qed_detach_aio_context, but the pointer to the timer is not
> set to NULL. Th
From: Denis Rastyogin

This error was discovered by fuzzing qemu-img.

In the QED block driver, the need_check_timer timer is freed in
bdrv_qed_detach_aio_context, but the pointer to the timer is not
set to NULL. This can lead to a use-after-free scenario
in bdrv_qed_drain_begin().

The need_check
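The lifecycle the commit message describes, as an added example that is not QEMU's code: a stand-in timer and QED state, the detach routine in the buggy shape (freed, pointer left dangling) beside the corrected one (freed and cleared), and a drain_begin that tolerates a detached context. The type names, the one-slot pool and the return codes are assumptions made so that the freed state is observable without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-ins for QEMU's timer and QED driver state. */
typedef struct { bool alive; bool pending; } Timer;
typedef struct { Timer *need_check_timer; } QedState;

/* A one-slot "heap": freeing marks the slot dead instead of calling free(),
 * so a later access through a dangling pointer can be detected, not UB. */
static Timer timer_slot;

static Timer *timer_new(void) {
    timer_slot.alive = true;
    timer_slot.pending = true;
    return &timer_slot;
}

static void timer_free(Timer *t) {
    t->alive = false;   /* models free(): the object is gone */
}

/* Shape described in the commit message: freed, pointer left dangling. */
static void detach_aio_context_buggy(QedState *s) {
    timer_free(s->need_check_timer);
}

/* Corrected shape: free and clear, so callers can test for NULL. */
static void detach_aio_context_fixed(QedState *s) {
    timer_free(s->need_check_timer);
    s->need_check_timer = NULL;
}

enum { DRAIN_NO_TIMER = 0, DRAIN_CANCELLED = 1, DRAIN_USE_AFTER_FREE = -1 };

/* drain_begin must cope with a detached context: nothing to cancel then. */
static int drain_begin(QedState *s) {
    Timer *t = s->need_check_timer;
    if (!t) return DRAIN_NO_TIMER;
    if (!t->alive) return DRAIN_USE_AFTER_FREE; /* real heap: a UAF here */
    t->pending = false;
    return DRAIN_CANCELLED;
}

/* attach -> detach (buggy or fixed) -> drain_begin, returning what it did. */
static int detach_then_drain(bool fixed) {
    QedState s = { .need_check_timer = timer_new() };
    if (fixed) detach_aio_context_fixed(&s); else detach_aio_context_buggy(&s);
    return drain_begin(&s);
}

/* drain_begin on a live, attached timer for comparison. */
static int drain_live(void) {
    QedState s = { .need_check_timer = timer_new() };
    return drain_begin(&s);
}
```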