Am 13.05.2015 um 22:03 schrieb John Snow: > > On 05/13/2015 04:02 PM, Peter Lieven wrote: >> Am 13.05.2015 um 21:52 schrieb Markus Armbruster: >>> Peter Lieven <[email protected]> writes: >>> >>>> Am 13.05.2015 um 21:09 schrieb Stefan Priebe: >>>>> Am 13.05.2015 um 21:05 schrieb Stefan Weil: >>>>>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe: >>>>>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil: >>>>>>>> Hi, >>>>>>>> >>>>>>>> I just noticed this patch because my provider told me that my KVM based >>>>>>>> server >>>>>>>> needs a reboot because of a CVE (see this German news: >>>>>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html) >>>>>>>> >>>>>>> Isn't a live migration to a fixed version enough instead of a reboot? >>>>>>> >>>>>>> Stefan >>>>>> Good point. A live migration would be sufficient - if there are no bugs >>>>>> in QEMU's live migration. >>>>> just migrating all our customer machines and wanted to be sure that >>>>> live migration is enough. >>>> Just to confirm: If Qemu is started with -nodefaults and there is no >>>> fdc configuration the system is not affected by this CVE? >>> Not true. The FD controller is still there. It has no drives attached >>> then, but is vulnerable all the same. >> Are you sure? With -nodefaults the hmp command 'info block' returns nothing >> and >> the guest sees no floppy drive. >> >> Without -nodefaults I indeed see floppy0 and I have /dev/fd0 in the guest >> respectively. >> >> Peter >> > It's not the *drive* that is the problem, it is the *controller*. > Okay, and indeed in the qtree I see the isa-fdc.
Thanks for sorting that out. Thank you, Peter
