11:57 p.m.
Han Han (4):
NEWS: qemu: Add support for hyperv enlightenments features
NEWS: cpu_map: Add the EPYC-Genoa cpu mode
NEWS: Add the news for CVE-2024-2494
NEWS: Add the news for CVE-2024-4418
NEWS.rst | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
--
2.47.0
11:57 p.m.
New subject: [PATCH 1/4] NEWS: qemu: Add support for hyperv enlightenments features
Signed-off-by: Han Han <hhan(a)redhat.com>
---
NEWS.rst | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 56adf8df8b..07ccb30887 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -169,6 +169,17 @@ v10.7.0 (2024-09-02)
domain XML for descendants of the generic PC machine type (``i440fx``,
``q35``, ``xenfv`` and ``isapc``).
+ * qemu: Add support for hyperv enlightenment feature ``hv-emsr-bitmap``
+
+ It is introduced since ``QEMU 7.10``, allowing L0 (KVM) and L1 (Hyper-V)
+ hypervisors to collaborate to avoid unnecessary updates to L2 MSR-Bitmap
+ upon vmexits.
+
+ * qemu: Add support for hyperv enlightenment feature ``hv-xmm-input``
+
+ It is introduced since ``QEMU 7.10``, allowing to pass parameters for
+ certain hypercalls using XMM registers (“XMM Fast Hypercall Input”).
+
* **Improvements**
* ch: support restore with network devices
--
2.47.0
11:57 p.m.
New subject: [PATCH 2/4] NEWS: cpu_map: Add the EPYC-Genoa cpu mode
Signed-off-by: Han Han <hhan(a)redhat.com>
---
NEWS.rst | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 07ccb30887..2c1e232707 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -852,6 +852,10 @@ v9.8.0 (2023-10-02)
<source dev='/dev/vhost-vdpa-0'>
...
+ * cpu_map: Add the EPYC-Genoa cpu model
+
+ This model is introduced since ``QEMU 8.1``.
+
* **Improvements**
* qemu: add nbdkit backend for network disks
--
2.47.0
11:57 p.m.
New subject: [PATCH 3/4] NEWS: Add the news for CVE-2024-2494
Signed-off-by: Han Han <hhan(a)redhat.com>
---
NEWS.rst | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 2c1e232707..cdac735c6e 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -462,6 +462,18 @@ v10.3.0 (2024-05-02)
v10.2.0 (2024-04-02)
====================
+* **Security**
+
+ * ``CVE-2024-2494``: remote: check for negative array lengths before allocation
+
+ Fix the flaw of the RPC library APIs of libvirt. The RPC server
+ de-serialization code allocates memory for arrays before the non-negative
+ length check is performed by the C API entry points. Passing a negative length
+ to the g_new0 function results in a crash due to the negative length being
+ treated as a huge positive number. A local unprivileged user could use this
+ flaw to perform a denial of service attack by causing the libvirt daemon to
+ crash.
+
* **New features**
* ch: Basic save and restore support for ch driver
--
2.47.0
11:57 p.m.
New subject: [PATCH 4/4] NEWS: Add the news for CVE-2024-4418
Signed-off-by: Han Han <hhan(a)redhat.com>
---
NEWS.rst | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index cdac735c6e..c3d80ad29d 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -309,6 +309,18 @@ v10.5.0 (2024-07-01)
v10.4.0 (2024-06-03)
====================
+* **Security**
+
+ * ``CVE-2024-4418``: Fix stack use-after-free in virNetClientIOEventLoop()
+
+ Fix race condition leading to a stack use-after-free bug was found in libvirt.
+ Due to a bad assumption in the virNetClientIOEventLoop() method, the data
+ pointer to a stack-allocated virNetClientIOEventData structure ended up being
+ used in the virNetClientIOEventFD callback while the data pointer's stack frame
+ was concurrently being "freed" when returning from
virNetClientIOEventLoop().
+ This flaw allows a local, unprivileged user to access virtproxyd without
+ authenticating.
+
* **New features**
* qemu: Support for ras feature for virt machine type
--
2.47.0
4:25 a.m.
On 10/25/24 06:57, Han Han wrote:
Han Han (4):
NEWS: qemu: Add support for hyperv enlightenments features
NEWS: cpu_map: Add the EPYC-Genoa cpu mode
NEWS: Add the news for CVE-2024-2494
NEWS: Add the news for CVE-2024-4418
NEWS.rst | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Michal
2
days inactive
27
days old
5 comments
2 participants
participants (2)
-
Han Han -
Michal Prívozník