[Qemu-devel] [Bug 786211] Re: Missing checks for valid, writable, firmware in fw_cfg_write

2011-05-21 Thread Nelson Elhage
** Patch added: "0001-fw_cfg-Disallow-writes-to-non-writable-firmware-entr.patch" https://bugs.launchpad.net/bugs/786211/+attachment/2137594/+files/0001-fw_cfg-Disallow-writes-to-non-writable-firmware-entr.patch ** Visibility changed to: Public -- You received this bug notification because

[Qemu-devel] [Bug 786209] [NEW] Information leak in IDE core

2011-05-21 Thread Nelson Elhage
*** This bug is a security vulnerability *** Public security bug reported: When the DRQ_STAT bit is set, the IDE core permits both data reads and data writes, regardless of whether the current transfer was initiated as a read or write. Furthermore, the IO buffer is allocated via a qemu_memalign

[Qemu-devel] [Bug 786208] [NEW] Missing checks for non-existent device in ide_exec_cmd

2011-05-21 Thread Nelson Elhage
Public bug reported: Several calls in the ide_exec_cmd handler are missing checks for (!s->bs) or similar, resulting in NULL pointer dereferences, divide-by-zero, or possibly other badness if the guest performs operations on a non-existent IDE master. For example, the WIN_READ_NATIVE_MAX command
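The two IDE reports above (bug 786209, the data port honouring DRQ_STAT regardless of transfer direction, and bug 786208, command handlers dereferencing a missing drive) describe the same class of missing guard. The following is an added illustration, not QEMU's code and not the reporter's patch: a deliberately simplified model of an IDE command dispatcher and PIO data port in which the drive pointer is checked once at the top of the dispatcher and the data port refuses accesses that do not match the direction of the current transfer. The structures, command set and status bits are assumptions chosen to mirror the bug descriptions (a NULL `bs` stands for the non-existent master; `xfer_dir` records whether the transfer was started as a read or a write); they are not QEMU's definitions.

```c
/* Simplified model of an IDE PIO data path (illustration only, not QEMU's code). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { ERR_STAT = 0x01, DRQ_STAT = 0x08, READY_STAT = 0x40 };
enum { ABRT_ERR = 0x04 };
enum { XFER_NONE = 0, XFER_READ, XFER_WRITE };
enum { CMD_READ_SECTORS = 0x20, CMD_WRITE_SECTORS = 0x30, CMD_READ_NATIVE_MAX = 0xF8 };

#define SECTOR_SIZE 512

/* Stand-in for the block backend; a NULL pointer means "no drive attached". */
typedef struct { uint64_t nb_sectors; uint8_t sector[SECTOR_SIZE]; } BackingDev;

typedef struct {
    BackingDev *bs;
    uint8_t status, error;
    uint64_t lba;                 /* result register for READ NATIVE MAX */
    int xfer_dir;                 /* direction the current transfer was started with */
    uint8_t io_buffer[SECTOR_SIZE];
    size_t data_ptr, data_end;
} IDEState;

static int ide_abort_command(IDEState *s) {
    s->status = READY_STAT | ERR_STAT;
    s->error = ABRT_ERR;
    s->xfer_dir = XFER_NONE;
    return -1;
}

static void ide_transfer_start(IDEState *s, int dir, size_t len) {
    memset(s->io_buffer, 0, sizeof s->io_buffer); /* never expose stale buffer contents */
    s->xfer_dir = dir;
    s->data_ptr = 0;
    s->data_end = len;
    s->status = READY_STAT | DRQ_STAT;
}

int ide_exec_cmd(IDEState *s, uint8_t cmd) {
    /* The guard the bug report asks for: every branch below dereferences s->bs. */
    if (!s->bs)
        return ide_abort_command(s);
    switch (cmd) {
    case CMD_READ_NATIVE_MAX:
        if (s->bs->nb_sectors == 0)           /* avoid an underflow on an empty backend */
            return ide_abort_command(s);
        s->lba = s->bs->nb_sectors - 1;
        s->status = READY_STAT;
        return 0;
    case CMD_READ_SECTORS:
        ide_transfer_start(s, XFER_READ, SECTOR_SIZE);
        memcpy(s->io_buffer, s->bs->sector, SECTOR_SIZE);
        return 0;
    case CMD_WRITE_SECTORS:
        ide_transfer_start(s, XFER_WRITE, SECTOR_SIZE);
        return 0;
    default:
        return ide_abort_command(s);
    }
}

/* Guest reads the 16-bit data port: only valid during a transfer started as a read. */
uint16_t ide_data_readw(IDEState *s) {
    if (!(s->status & DRQ_STAT) || s->xfer_dir != XFER_READ)
        return 0xffff;
    if (s->data_ptr + 2 > s->data_end)
        return 0xffff;
    uint16_t v = (uint16_t)(s->io_buffer[s->data_ptr] | (s->io_buffer[s->data_ptr + 1] << 8));
    s->data_ptr += 2;
    if (s->data_ptr >= s->data_end) {
        s->status = READY_STAT;
        s->xfer_dir = XFER_NONE;
    }
    return v;
}

/* Guest writes the 16-bit data port: only valid during a transfer started as a write. */
int ide_data_writew(IDEState *s, uint16_t v) {
    if (!(s->status & DRQ_STAT) || s->xfer_dir != XFER_WRITE)
        return -1;
    if (s->data_ptr + 2 > s->data_end)
        return -1;
    s->io_buffer[s->data_ptr] = (uint8_t)(v & 0xff);
    s->io_buffer[s->data_ptr + 1] = (uint8_t)(v >> 8);
    s->data_ptr += 2;
    if (s->data_ptr >= s->data_end) {
        memcpy(s->bs->sector, s->io_buffer, SECTOR_SIZE); /* commit to the backend */
        s->status = READY_STAT;
        s->xfer_dir = XFER_NONE;
    }
    return 0;
}
```

Two points of the design are worth noting. The `!s->bs` check sits in one place, before the switch, so a new command branch cannot be added without it; checking per-command is what the report describes going wrong. The data port checks both DRQ_STAT and the recorded direction, and the buffer is zeroed when a transfer starts, so even a transfer that is abandoned part-way cannot return bytes left over from an earlier command or from the allocator.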