On 05/13/2015 04:02 PM, Peter Lieven wrote: > Am 13.05.2015 um 21:52 schrieb Markus Armbruster: >> Peter Lieven <[email protected]> writes: >> >>> Am 13.05.2015 um 21:09 schrieb Stefan Priebe: >>>> Am 13.05.2015 um 21:05 schrieb Stefan Weil: >>>>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe: >>>>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil: >>>>>>> Hi, >>>>>>> >>>>>>> I just noticed this patch because my provider told me that my KVM based >>>>>>> server >>>>>>> needs a reboot because of a CVE (see this German news: >>>>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html) >>>>>>> >>>>>> Isn't a live migration to a fixed version enough instead of a reboot? >>>>>> >>>>>> Stefan >>>>> Good point. A live migration would be sufficient - if there are no bugs >>>>> in QEMU's live migration. >>>> just migrating all our customer machines and wanted to be sure that >>>> live migration is enough. >>> Just to confirm: If Qemu is started with -nodefaults and there is no >>> fdc configuration the system is not affected by this CVE? >> Not true. The FD controller is still there. It has no drives attached >> then, but is vulnerable all the same. > > Are you sure? With -nodefaults the hmp command 'info block' returns nothing > and > the guest sees no floppy drive. > > Without -nodefaults I indeed see floppy0 and I have /dev/fd0 in the guest > respectively. > > Peter >
It's not the *drive* that is the problem, it is the *controller*.
