Peter Lieven <[email protected]> writes: > Am 13.05.2015 um 21:09 schrieb Stefan Priebe: >> Am 13.05.2015 um 21:05 schrieb Stefan Weil: >>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe: >>>> >>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil: >>>>> Hi, >>>>> >>>>> I just noticed this patch because my provider told me that my KVM based >>>>> server >>>>> needs a reboot because of a CVE (see this German news: >>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html) >>>>> >>>> >>>> Isn't a live migration to a fixed version enough instead of a reboot? >>>> >>>> Stefan >>> >>> Good point. A live migration would be sufficient - if there are no bugs >>> in QEMU's live migration. >> >> just migrating all our customer machines and wanted to be sure that >> live migration is enough. > > Just to confirm: If Qemu is started with -nodefaults and there is no > fdc configuration the system is not affected by this CVE?
Not true. The FD controller is still there. It has no drives attached then, but is vulnerable all the same.
