Twitter | Pretraživanje | |
Alexander Popov
I've found a 4-year old bug in QEMU, allowing to crash it from the guest system. QEMU security team thinks that it's not a vulnerability, so I've sent the PoC and fixing patch to the public ML:
Reply Retweet Označi sa "sviđa mi se" More
Magnus K. Stubman 6. srp
Odgovor korisniku/ci @a13xp0p0v @dvyukov
Hi Alexander, thanks for sharing your research! I think it’s a nice and interesting bug. May I ask how you found it? Source code review, fuzzing, runtime testing?
Reply Retweet Označi sa "sviđa mi se"
Alexander Popov 6. srp
Odgovor korisniku/ci @magnusstubman @dvyukov @mozilla
I was running a instance for some time. Bad luck - it didn't find anything and sometimes was loosing connection to VMs. The alert from Fedora DE about QEMU was a clue. Then I used rr for debugging QEMU and rr hanged :) I'll fix it. Actually it's a good luck.
Reply Retweet Označi sa "sviđa mi se"
Paul Vixie 6. srp
Odgovor korisniku/ci @a13xp0p0v
with all of the side channel attacks and hyperviser vulns in recent years, i've concluded that a computer really is single-user, and if you believe otherwise (and thus, share it) you will face unpleasant truths later on.
Reply Retweet Označi sa "sviđa mi se"