Am 13.05.2015 um 21:52 schrieb Markus Armbruster: > Peter Lieven <[email protected]> writes: > >> Am 13.05.2015 um 21:09 schrieb Stefan Priebe: >>> Am 13.05.2015 um 21:05 schrieb Stefan Weil: >>>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe: >>>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil: >>>>>> Hi, >>>>>> >>>>>> I just noticed this patch because my provider told me that my KVM based >>>>>> server >>>>>> needs a reboot because of a CVE (see this German news: >>>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html) >>>>>> >>>>> Isn't a live migration to a fixed version enough instead of a reboot? >>>>> >>>>> Stefan >>>> Good point. A live migration would be sufficient - if there are no bugs >>>> in QEMU's live migration. >>> just migrating all our customer machines and wanted to be sure that >>> live migration is enough. >> Just to confirm: If Qemu is started with -nodefaults and there is no >> fdc configuration the system is not affected by this CVE? > Not true. The FD controller is still there. It has no drives attached > then, but is vulnerable all the same.
Are you sure? With -nodefaults the hmp command 'info block' returns nothing and the guest sees no floppy drive. Without -nodefaults I indeed see floppy0 and I have /dev/fd0 in the guest respectively. Peter
