1. Patchew
  2. QEMU
  3. View series

[PULL 0/5] NBD: fix CVE-2024-7409 for 9.1

Eric Blake posted 5 patches 3 months, 2 weeks ago 
qapi/block-export.json         |  4 ++--
include/block/nbd.h            | 18 +++++++++++++++-
block/monitor/block-hmp-cmds.c |  3 ++-
blockdev-nbd.c                 | 47 +++++++++++++++++++++++++++++++++++++++--
nbd/server.c                   | 48 ++++++++++++++++++++++++++++++++++++++----
qemu-nbd.c                     |  7 ++++--
nbd/trace-events               |  1 +
7 files changed, 116 insertions(+), 12 deletions(-)
[PULL 0/5] NBD: fix CVE-2024-7409 for 9.1
Posted by Eric Blake 3 months, 2 weeks ago 
The following changes since commit 75c7f574035622798e9361a942bdfbb0af930f0e:

  Merge tag 'pull-hex-20240807' of https://github.com/quic/qemu into staging (2024-08-08 16:08:18 +1000)

are available in the Git repository at:

  https://repo.or.cz/qemu/ericb.git tags/pull-nbd-2024-08-08

for you to fetch changes up to 3e7ef738c8462c45043a1d39f702a0990406a3b3:

  nbd/server: CVE-2024-7409: Close stray clients at server-stop (2024-08-08 16:34:04 -0500)

----------------------------------------------------------------
NBD patches for 2024-08-08

- plug CVE-2024-7409, a DoS attack exploiting nbd-server-stop

----------------------------------------------------------------
Eric Blake (5):
      nbd: Minor style and typo fixes
      nbd/server: Plumb in new args to nbd_client_add()
      nbd/server: CVE-2024-7409: Cap default max-connections to 100
      nbd/server: CVE-2024-7409: Drop non-negotiating clients
      nbd/server: CVE-2024-7409: Close stray clients at server-stop

 qapi/block-export.json         |  4 ++--
 include/block/nbd.h            | 18 +++++++++++++++-
 block/monitor/block-hmp-cmds.c |  3 ++-
 blockdev-nbd.c                 | 47 +++++++++++++++++++++++++++++++++++++++--
 nbd/server.c                   | 48 ++++++++++++++++++++++++++++++++++++++----
 qemu-nbd.c                     |  7 ++++--
 nbd/trace-events               |  1 +
 7 files changed, 116 insertions(+), 12 deletions(-)

-- 
2.46.0
Re: [PULL 0/5] NBD: fix CVE-2024-7409 for 9.1
Posted by Richard Henderson 3 months, 2 weeks ago 
On 8/9/24 07:53, Eric Blake wrote:
> The following changes since commit 75c7f574035622798e9361a942bdfbb0af930f0e:
> 
>    Merge tag 'pull-hex-20240807' ofhttps://github.com/quic/qemu into staging (2024-08-08 16:08:18 +1000)
> 
> are available in the Git repository at:
> 
>    https://repo.or.cz/qemu/ericb.git tags/pull-nbd-2024-08-08
> 
> for you to fetch changes up to 3e7ef738c8462c45043a1d39f702a0990406a3b3:
> 
>    nbd/server: CVE-2024-7409: Close stray clients at server-stop (2024-08-08 16:34:04 -0500)
> 
> ----------------------------------------------------------------
> NBD patches for 2024-08-08
> 
> - plug CVE-2024-7409, a DoS attack exploiting nbd-server-stop

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.

r~

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.